CISA Exam-Test 18

1. When a new system is to be implemented within a short time frame, it is MOST important to:
- ensure that the code has been documented and reviewed.
- add last-minute enhancements to functionalities.
- perform user acceptance testing.
- finish writing user manuals.

It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly.

2. A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?
- Whether the system can meet the performance goals (time and resources)
- Whether the system addresses corporate customer requirements
- Whether the new system will support separation of duties
- Whether key controls are in place to protect assets and information resources

The audit team must advocate the inclusion of the key controls and verify that the controls are in place before implementing the new process.

3. The use of object-oriented design and development techniques would MOST likely:
- speed up the system development life cycle (SDLC).
- improve system performance.
- enhance control effectiveness.
- facilitate the ability to reuse modules.

One of the major benefits of object-oriented design and development is the ability to reuse modules.

4. Which of the following statements is NOT true about Voice-Over IP (VoIP)?
- VoIP uses circuit switching technology
- VoIP is a technology where voice traffic is carried on top of existing data infrastructure
- Lower cost per call or even free calls, especially for long distance calls
- Lower infrastructure cost

5. During which of the following phases in system development would user acceptance test plans normally be prepared?
- Implementation planning
- Feasibility study
- Requirements definition
- Postimplementation review

During requirements definition, the project team will be working with the users to define their precise objectives and functional needs. At this time, the users should be working with the team to consider and document how the system functionality can be tested to ensure that it meets their stated needs. An IS auditor should know at what point user testing should be planned to ensure that it is most effective and efficient.

6. Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
- existence of a set of functions and their specified properties.
- relationship between the performance of the software and the amount of resources used.
- ability of the software to be transferred from one environment to another.
- capability of software to maintain its level of performance under stated conditions.

Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functionality of a system represents the tasks, operations and purpose of the system in achieving its objective (i.e., supporting a business requirement).

7. The GREATEST benefit of implementing an expert system is the:
- protection of proprietary knowledge in a secure central repository.
- enhancement of personnel productivity and performance.
- capturing of the knowledge and experience of individuals in an organization.
- reduction of employee turnover in key departments.

The basis for an expert system is the capture and recording of the knowledge and experience of individuals in an organization. This will allow other users to access information formerly held only by experts.

8. An advantage of using sanitized live transactions in test data is that:
- all transaction types will be included.
- no special routines are required to assess the results.
- every error condition is likely to be tested.
- test transactions are representative of live processing.

Test data will be representative of live processing; however, it is important that all sensitive information in the live transaction file is sanitized to prevent improper data disclosure.

9. An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:
- a backup server be loaded with all relevant software and data.
- a backup server be available to run ETCS operations with up-to-date data.
- the systems staff of the organization be trained to handle any event.
- source code of the ETCS application be placed in escrow.

Whenever proprietary application software is purchased, the contract should provide for a source code escrow agreement. This will ensure that the purchasing company will have the opportunity to modify the software should the vendor cease to be in business.

10. A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
- Prototyping is being used to confirm that the system meets business requirements.
- Not all business functions will be available on initial implementation.
- Acceptance testing is to be managed by users.
- A quality plan is not part of the contracted deliverables.

A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when.

11. Which of the following functions is NOT supported by the SSL protocol?
- Integrity
- Confidentiality
- Availability
- Authentication

12. Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?
- Perform log analysis.
- Implement key performance indicators (KPIs).
- Review service desk reports.
- Conduct a penetration test.

13. During an audit of a data classification policy, an IS auditor finds that many documents are inappropriately classified as confidential. Which of the following is the GREATEST concern?
- Industry security best practices are violated.
- Information may generally be overprotected.
- Information may be under protected.
- Data integrity issues may occur.

14. In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:
- atomicity.
- consistency.
- durability.
- isolation.

The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out.

15. Which of the following is the correct sequence of events to follow when handling evidence in computer forensics?
- Analyze, identify, preserve and present
- Identify, analyze, preserve and present
- Preserve, identify, analyze and present
- Identify, preserve, analyze and present

16. During the development of an application, quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:
- delays in problem resolution.
- improper documentation of testing.
- improper acceptance of a program.
- increased maintenance.

The major risk of combining quality assurance testing and user acceptance testing is that the users may apply pressure to accept a program that meets their needs even though it does not meet quality assurance standards.

17. An IS auditor's PRIMARY concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:
- error handling and credibility checks may not be fully proven.
- users may prefer to use contrived data for testing.
- unauthorized access to sensitive data may result.
- the full functionality of the new process may not necessarily be tested.

Unless the data are sanitized, there is a risk of disclosing sensitive data.

18. Which of the following is NOT a true statement about public key infrastructure (PKI)?
- The certificate authority's role is to issue digital certificates to end users
- The registration authority (RA) acts as a verifier for the certificate authority (CA)
- The root certificate authority's certificate is always self-signed
- The registration authority's role is to validate and issue digital certificates to end users

19. A decision support system (DSS) is used to help high-level management:
- support only structured decision-making tasks.
- solve highly structured problems.
- make decisions based on data analysis and interactive models.
- combine the use of decision models with predetermined criteria.

A DSS emphasizes flexibility in the decision-making approach of management through data analysis and the use of interactive models, not fixed criteria.

20. Which of the following is an advantage of prototyping?
- Prototype systems can provide significant time and cost savings.
- Change control is often less complicated with prototype systems.
- The finished system normally has strong internal controls.
- It ensures that functions or extras are not added to the intended system.

Prototype systems can provide significant time and cost savings through better user interaction and the ability to rapidly adapt to changing requirements; however, they also have several disadvantages, including loss of overall security focus, project oversight and implementation of a prototype that is not yet ready for production.

21. An IS auditor reviewing a proposed application software acquisition should ensure that the:
- product is compatible with the current or planned OS.
- operating system (OS) being used is compatible with the existing hardware platform.
- planned OS updates have been scheduled to minimize negative impacts on company needs.
- OS has the latest versions and updates.

In reviewing the proposed application, the auditor should ensure that the products to be purchased are compatible with the current or planned OS.

22. Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
- To prevent confidential data loss
- To identify data at rest and data in transit for encryption
- To provide options to individuals regarding use of their data
- To comply with legal and regulatory requirements

23. In computer forensics, which of the following is the process that produces a bit-for-bit copy of data so that the original data or information is not damaged when multiple analyses may be performed?
- Imaging
- Data Protection
- Data Acquisition
- Extraction

24. An advantage in using a bottom-up vs. a top-down approach to software testing is that:
- errors in critical modules are detected earlier.
- major functions and processing are tested earlier.
- interface errors are detected earlier.
- confidence in the system is achieved earlier.

The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and works upward until a complete system testing has taken place. The advantage of using a bottom-up approach to software testing is that errors in critical modules are found earlier.

25. The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:
- shortens the development time frame.
- allows early testing of technical features.
- facilitates user involvement.
- facilitates conversion to the new system.

The greatest advantage and core objective of RAD is a shorter time frame for the development of a system.

26. Which of the following is the PRIMARY purpose for conducting parallel testing?
- To enable comprehensive unit and system testing
- To ensure the new system meets user requirements
- To highlight errors in the program interfaces with files
- To determine whether the system is cost-effective

The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements by comparing the results of the old system with the new system to ensure correct processing.

27. Which of the following is MOST important for an IS auditor to consider when reviewing documentation for an organization's forensics policy?
- Access controls
- Assigned roles and responsibilities
- Evidence preservation
- Notification processes

28. Which of the following is the PRIMARY purpose of quality assurance (QA) within an IS audit department?
- To ensure conclusions are reliable and no false assurance is given
- To confirm audit practice is aligned with industry standards and benchmarks
- To regularly assess and improve audit methodology
- To enforce audit policies and identify any deviations

29. Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?
- Data mining techniques
- Packet filtering routers
- Firewalls
- Intrusion detection systems (IDSs)

Data mining is a technique used to detect trends or patterns of transactions or data. If the historical pattern of charges against a credit card account is changed, then it is a flag that the transaction may have resulted from a fraudulent use of the card.

30. Which of the following should be included in a feasibility study for a project to implement an electronic data interchange (EDI) process?
- The proposed trusted third-party agreement
- The necessary communication protocols
- The detailed internal control procedures
- The encryption algorithm format

The communications protocols must be included because there may be significant cost implications if new hardware and software are involved, and risk implications if the technology is new to the organization.