Isaca CISA Practice Test - Questions Answers, Page 25

Question 241

Which of the following is the PRIMARY reason to follow a configuration management process to maintain applications?

A. To optimize system resources
B. To follow system hardening standards
C. To optimize asset management workflows
D. To ensure proper change control
Suggested answer: D
Explanation:

Ensuring proper change control is the primary reason to follow a configuration management process to maintain applications. Configuration management is a process of identifying, documenting, controlling, and verifying the configuration items and their interrelationships within an IT system or environment. Following a configuration management process can help to ensure that any changes to the applications are authorized, tested, documented, and tracked throughout their lifecycle. This will help to prevent unauthorized or improper changes that could affect the functionality, performance, or security of the applications. The other options are not the primary reasons for following a configuration management process, but rather possible benefits or outcomes of doing so.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.3.31

CISA Review Questions, Answers & Explanations Database, Question ID 225

asked 18/09/2024
Wojciech Oleksiak

Question 242

In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?

A. Configure data quality alerts to check variances between the data warehouse and the source system
B. Require approval for changes in the extract/transfer/load (ETL) process between the two systems
C. Include the data warehouse in the impact analysis for any changes in the source system
D. Restrict access to changes in the extract/transfer/load (ETL) process between the two systems
Suggested answer: C
Explanation:

Including the data warehouse in the impact analysis for any changes in the source system is the best way to prevent data quality issues caused by changes from a source system. A data warehouse is a centralized repository of integrated data from one or more source systems. An impact analysis is a technique of assessing the potential effects and consequences of a change on the existing system or environment. Including the data warehouse in the impact analysis can help to identify and mitigate any data quality issues that may arise from changes in the source system, such as data inconsistency, incompleteness, or inaccuracy. The other options are less effective ways to prevent data quality issues, as they may involve data quality alerts, approval for changes, or access restrictions.

Reference:

CISA Review Manual (Digital Version), Chapter 5, Section 5.41

CISA Review Questions, Answers & Explanations Database, Question ID 226

asked 18/09/2024
Daniel Ramirez

Question 243

The GREATEST benefit of using a prototyping approach in software development is that it helps to:

A. minimize scope changes to the system.
B. decrease the time allocated for user testing and review.
C. conceptualize and clarify requirements.
D. improve efficiency of quality assurance (QA) testing.
Suggested answer: C
Explanation:

The greatest benefit of using a prototyping approach in software development is that it helps to conceptualize and clarify requirements. A prototyping approach is a method of creating a simplified or partial version of a software product to demonstrate its features and functionality. A prototyping approach can help to elicit, validate, and refine the requirements of the software product, as well as to obtain feedback from the users and stakeholders. The other options are not the greatest benefits of using a prototyping approach, but rather possible outcomes or advantages of doing so.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.3.11

CISA Review Questions, Answers & Explanations Database, Question ID 227

asked 18/09/2024
Mustafa Beşparmak

Question 244

The GREATEST benefit of using a prototyping approach in software development is that it helps to:

A. minimize scope changes to the system.
B. decrease the time allocated for user testing and review.
C. conceptualize and clarify requirements.
D. improve efficiency of quality assurance (QA) testing.
Suggested answer: C
Explanation:

The greatest benefit of using a prototyping approach in software development is that it helps to conceptualize and clarify requirements. A prototyping approach is a method of creating a simplified or partial version of a software product to demonstrate its features and functionality. A prototyping approach can help to elicit, validate, and refine the requirements of the software product, as well as to obtain feedback from the users and stakeholders. The other options are not the greatest benefits of using a prototyping approach, but rather possible outcomes or advantages of doing so.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.3.11

CISA Review Questions, Answers & Explanations Database, Question ID 227

asked 18/09/2024
charles ratchagaraj

Question 245

To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?

A. Review IT staff job descriptions for alignment
B. Develop quarterly training for each IT staff member.
C. Identify required IT skill sets that support key business processes
D. Include strategic objectives in IT staff performance objectives
Suggested answer: C
Explanation:

Identifying required IT skill sets that support key business processes is the first step to enable the alignment of IT staff development plans with IT strategy. An IT strategy is a plan that defines how IT will support the organization's goals and objectives. Identifying required IT skill sets means determining the knowledge, abilities, and competencies that IT staff need to perform their roles and responsibilities effectively and efficiently. This can help to align IT staff development plans with IT strategy, as well as to identify and address any skill gaps or needs within the IT workforce. The other options are not the first steps to enable alignment, but rather possible subsequent actions that may depend on the required IT skill sets.

Reference:

CISA Review Manual (Digital Version), Chapter 5, Section 5.11

CISA Review Questions, Answers & Explanations Database, Question ID 229

asked 18/09/2024
Richard Drayer Camacho

Question 246

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?

A. Discovery sampling
B. Judgmental sampling
C. Variable sampling
D. Stratified sampling
Suggested answer: A
Explanation:

Discovery sampling is an appropriate sampling method for an IS auditor who intends to launch an intensive investigation if one exception is found. Discovery sampling is a type of attribute sampling that determines the sample size based on an acceptable risk of not finding at least one occurrence of an attribute when a given rate of occurrence exists in a population. Discovery sampling can be used by an IS auditor who wants to detect fraud or errors that have a low probability but high impact on an audit objective. The other options are not appropriate sampling methods for this purpose, as they may involve judgmental sampling, variable sampling, or stratified sampling.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.31

CISA Review Questions, Answers & Explanations Database, Question ID 230

asked 18/09/2024
Firasat Siddiqui

Question 247

Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDS)?

A. An increase in the number of identified false positives
B. An increase in the number of detected incidents not previously identified
C. An increase in the number of unfamiliar sources of intruders
D. An increase in the number of internally reported critical incidents
Suggested answer: B
Explanation:

Signature-based intrusion detection systems (IDS) are systems that compare network traffic with predefined patterns of known attacks, called signatures. The effectiveness of signature-based IDS depends on how well they can detect new or unknown attacks that are not in their signature database. Therefore, an increase in the number of detected incidents not previously identified is the best indicator of the effectiveness of signature-based IDS, as it shows that they can recognize novel or modified attacks.

asked 18/09/2024
shafinaaz hossenny

Question 248

An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?

A. Redundant pathways
B. Clustering
C. Failover power
D. Parallel testing
Suggested answer: B
Explanation:

Clustering is a technique that allows multiple servers to work together as a single system, providing high availability, load balancing, and fault tolerance. Clustering can limit the potential impact of server failures in a distributed environment, as it can automatically switch the workload to another server in the cluster if one server fails, without interrupting the service. Redundant pathways, failover power, and parallel testing are also useful for improving the reliability and availability of servers, but they do not directly address the issue of server failures.

asked 18/09/2024
Carola Lotito

Question 249

IT disaster recovery time objectives (RTOs) should be based on the:

A. maximum tolerable loss of data.
B. nature of the outage.
C. maximum tolerable downtime (MTD).
D. business-defined criticality of the systems.
Suggested answer: D
Explanation:

IT disaster recovery time objectives (RTOs) are the maximum acceptable time that an IT system can be unavailable after a disaster before it causes unacceptable consequences for the business. IT RTOs should be based on the business-defined criticality of the systems, which reflects how important they are for supporting the business processes and functions. The maximum tolerable loss of data, the nature of the outage, and the maximum tolerable downtime (MTD) are also factors that affect the IT RTOs, but they are not the primary basis for determining them.

asked 18/09/2024
Nuno Silva

Question 250

Which of the following documents should specify roles and responsibilities within an IT audit organization?

A. Organizational chart
B. Audit charter
C. Engagement letter
D. Annual audit plan
Suggested answer: B
Explanation:

The audit charter is a document that defines the purpose, scope, authority, and responsibility of an IT audit organization. The audit charter should specify roles and responsibilities within an IT audit organization, such as who is accountable for approving the audit plan, who is responsible for conducting the audits, who is authorized to access the audit evidence, and who is accountable for reporting the audit results. The organizational chart, the engagement letter, and the annual audit plan are also important documents for an IT audit organization, but they do not specify roles and responsibilities as clearly and comprehensively as the audit charter.

asked 18/09/2024
Roberto Recine