CISA Exam-Test 26 /30 208 Sorry, Your time is over. CISA EXAM-TEST 26 1 / 30 1. Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: input controls. validation checks. database integrity checks. database commits and rollbacks. Database commits ensure that the data are saved after the transaction processing is completed. Rollback ensures that the processing that has been partially completed as part of the transaction is reversed back and not saved if the entire transaction does not complete successfully. 2 / 30 2. Which of the following security measures BEST ensures the integrity of information stored in a data warehouse? Data dictionary maintenance A read-only restriction Validated daily backups Change management procedures Because most data in a data warehouse are historic and do not need to be changed, applying read-only restrictions prevents data manipulation. 3 / 30 3. What often results in project scope creep when functional requirements are not defined as well as they could be? Project delays Inaccurate resource allocation Insufficient strategic planning Inadequate software baselining 4 / 30 4. An IS auditor finds that the data warehouse query performance decreases significantly at certain times of the day. Which of the following controls would be MOST relevant for the IS auditor to review? Read/write access log controls User spool and database limit controls Permanent table-space allocation Commitment and rollback controls User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization which itself acts to help performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads that often can run overnight and are optimized for performance purposes). In a data warehouse, because you are not running online transactions, commitment and rollback does not have an impact on performance. 5 / 30 5. Which of the following is widely accepted as one of the critical components in networking management? Topological mappings Application of monitoring Configuration management Proxy server troubleshooting Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance. Configuration management ensures that the setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services. 6 / 30 6. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next: recommend that the database be normalized. review the conceptual data model. review the justification. review the stored procedures. If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons. 7 / 30 7. Which of the following is the PRIMARY purpose of using data analytics when auditing an enterprise resource planning (ERP) system for a large organization? To determine recovery point objectives (RPOs) To identify business processing errors To identify threats to the ERP To select sampling methods 8 / 30 8. What can be used to help identify and investigate unauthorized transactions? Expert systems Data-mining techniques Postmortem review Reasonableness checks 9 / 30 9. During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that: the database will no longer accept input data. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed. the database will immediately stop execution and lose more information. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions. When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. Normally, this will cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. This is a violation of referential integrity. 10 / 30 10. Which of the following is a network diagnostic tool that monitors and records network information? Online monitor Downtime report Help desk report Protocol analyzer Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached. 11 / 30 11. In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table? Public key Secondary key Primary key Foreign key In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions, resulting in orphaned relations within the database. 12 / 30 12. Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? Parity check Cyclic redundancy check (CRC) Echo check Block sum check The cyclic redundancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such as in parity error or echo check), multiple errors can be detected. In general, CRC can detect all single-bit and double-bit errors. 13 / 30 13. Which of the following is the PRIMARY purpose of conducting follow-up audits for material observations? To validate remediation efforts To validate the correctness of reported findings To assess the risk of the audit environment To assess evidence for management reporting 14 / 30 14. A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of: concurrent access. unauthorized access to data. a loss of data integrity. deadlocks. Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity. 15 / 30 15. Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database? Authentication controls Read/write access log controls Data normalization controls Commitment and rollback controls Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will be completed entirely or not at all, (i.e., if, for some reason, a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the database returns to its pretransaction state). 16 / 30 16. During the audit of a database server, which of the following would be considered the GREATEST exposure? Database activity is not fully logged. Default global security settings for the database remain unchanged. Old data have not been purged. The password on the administrator account does not expire. Default security settings for the database could allow issues such as blank user passwords or passwords that were the same as the username. 17 / 30 17. A benefit of quality of service (QoS) is that the: communications link will be supported by security controls to perform secure online transactions. participating applications will have bandwidth guaranteed. telecom carrier will provide the company with accurate service-level compliance reports. entire network's availability and performance will be significantly improved. The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated parts of the bandwidth to specific traffic. 18 / 30 18. Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation? Proper identification, authentication, AND authorization Proper authentication Proper identification AND authentication Proper identification 19 / 30 19. Which of the following is MOST directly affected by network performance monitoring tools? Confidentiality Integrity Availability Completeness Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that benefits the most from network monitoring is availability. 20 / 30 20. Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend? Define alternate processing procedures. Implement the changes users have suggested. Develop a baseline and monitor system usage. Prepare the maintenance manual. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made. 21 / 30 21. When storing data archives off-site, what must be done with the data to ensure data completeness? The data must be normalized. The data must be validated. The data must be synchronized The data must be parallel-tested. 22 / 30 22. What is an edit check to determine whether a field contains valid data? Completeness check Reasonableness check Accuracy check Redundancy check 23 / 30 23. An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes? Measurement against defined and documented procedures Use of Gantt charts and work breakdown structures Alignment of project performance to pay incentives Adoption of business case and earned value templates 24 / 30 24. A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that: analysis is required to determine if a pattern emerges that results in a service loss for a short period of time. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption. WAN capacity is adequate for the maximum traffic demands because saturation has not been reached. The peak at 96 percent could be the result of a one-off incident (e.g., a user downloading a large amount of data); therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended. 25 / 30 25. A cyclic redundancy check (CRC) is commonly used to determine the: adequacy of encryption. integrity of a downloaded program. accuracy of data input. validity of data transfer. The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check (CRC). 26 / 30 26. Within the context of an IT-related governance framework, which type of organization would be considered MOST mature? An organization m a state of dynamic growth with continuously updated policies and procedures An organization with processes systematically managed by continuous improvement An organization with established sets of documented standard processes An organization in which processes are repeatable and results periodically reviewed 27 / 30 27. An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error and have not been rolled back. Which of the following transaction processing features has been violated? Isolation Consistency Atomicity Durability Atomicity guarantees that either the entire transaction is processed or none of it is. 28 / 30 28. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should: review the capacity management process. review the adequacy of offsite storage. recommend the use of a compression algorithm. recommend the use of disk mirroring. Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. This will look at capacity from a strategic viewpoint and allow a plan to forecast and purchase additional equipment in a planned manner. 29 / 30 29. During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend? Document the current procedure in detail, and make it available on the enterprise intranet. Implement a properly documented process for application role change requests. Hire additional staff to provide a segregation of duties (SoD) for application role changes. Implement an automated process for changing application roles. The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then, the IS director can make the changes to the application. 30 / 30 30. An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy? Percentage of new hires that have completed the training . Percentage of new hires who report incidents Number of reported incidents by new hires Number of new hires who have violated enterprise security policies Your score is LinkedIn Facebook Twitter Exit