Isaca CISA Practice Test - Questions Answers, Page 42

Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?

A. Have an independent party review the source calculations
B. Execute copies of EUC programs out of a secure library
C. Implement complex password controls
D. Verify EUC results through manual calculations
Suggested answer: B

Explanation:

The best way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC) is to execute copies of EUC programs out of a secure library. This will ensure that the original EUC programs are protected from unauthorized changes and that the copies are run in a controlled environment. A secure library is a repository of EUC programs that have been tested, validated, and approved by the appropriate authority. Executing copies of EUC programs out of a secure library can also help with version control, backup, and recovery of EUC programs. Having an independent party review the source calculations, implementing complex password controls, and verifying EUC results through manual calculations are not as effective as executing copies of EUC programs out of a secure library, as they do not prevent or detect unintentional modifications of complex calculations in EUC. Reference: End-User Computing (EUC) Risks: A Comprehensive Guide, End User Computing (EUC) Risk Management

Which of the following BEST enables the effectiveness of an agile project for the rapid development of a new software application?

A. Project segments are established.
B. The work is separated into phases.
C. The work is separated into sprints.
D. Project milestones are created.
Suggested answer: C

Explanation:

The best way to enable the effectiveness of an agile project for the rapid development of a new software application is to separate the work into sprints. Sprints are short, time-boxed iterations that deliver a potentially releasable product increment at the end of each sprint. Sprints allow agile teams to work in a flexible and adaptive manner, respond quickly to changing customer needs and feedback, and deliver value faster and more frequently. Sprints also help teams to plan, execute, review, and improve their work in a collaborative and transparent way. Project segments, phases, and milestones are not specific to agile projects and do not necessarily enable the effectiveness of an agile project. Reference: Agile Project Management [What is it & How to Start] - Atlassian, CISA Review Manual (Digital Version).

Which of the following would BEST ensure that a backup copy is available for restoration of mission critical data after a disaster?

A. Use an electronic vault for incremental backups
B. Deploy a fully automated backup maintenance system.
C. Periodically test backups stored in a remote location
D. Use both tape and disk backup systems
Suggested answer: C

Explanation:

The best way to ensure that a backup copy is available for restoration of mission critical data after a disaster is to periodically test backups stored in a remote location. Testing backups is essential to verify that the backup copies are valid, complete, and recoverable. Testing backups also helps to identify any issues or errors that may affect the backup process or the restoration of data. Storing backups in a remote location is important to protect the backup copies from physical damage, theft, or unauthorized access that may occur at the primary site. Using an electronic vault for incremental backups, deploying a fully automated backup maintenance system, or using both tape and disk backup systems are not sufficient to ensure that a backup copy is available for restoration of mission critical data after a disaster, as they do not address the need for testing backups or storing them in a remote location. Reference: Backup and Recovery of Data: The Essential Guide | Veritas, The Truth About Data Backup for Mission-Critical Environments - DATAVERSITY.

Which of the following is the BEST way to ensure that an application is performing according to its specifications?

A. Unit testing
B. Pilot testing
C. System testing
D. Integration testing
Suggested answer: D

Explanation:

Integration testing is the best way to ensure that an application is performing according to its specifications, because it tests the interaction and compatibility of different modules or components of the application. Unit testing, pilot testing and system testing are also important, but they do not cover the whole functionality and integration of the application as well as integration testing does. Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.3

Which of the following is the BEST evidence that an organization's IT strategy is aligned to its business objectives?

A. The IT strategy is modified in response to organizational change.
B. The IT strategy is approved by executive management.
C. The IT strategy is based on IT operational best practices.
D. The IT strategy has significant impact on the business strategy
Suggested answer: B

Explanation:

The best evidence that an organization's IT strategy is aligned to its business objectives is that the IT strategy is approved by executive management. This implies that the IT strategy has been reviewed and validated by the senior leaders of the organization, who are responsible for setting and overseeing the business objectives. The IT strategy may be modified in response to organizational change, based on IT operational best practices, or have significant impact on the business strategy, but these are not sufficient indicators of alignment without executive approval. Reference: CISA Review Manual (Digital Version), Chapter 1, Section 1.2.1

Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?

A. Perimeter firewall
B. Data loss prevention (DLP) system
C. Web application firewall
D. Network segmentation
Suggested answer: D

Explanation:

Network segmentation is the best security measure to reduce the risk of propagation when a cyberattack occurs, because it divides the network into smaller subnetworks that are isolated from each other and have different access controls and security policies. This limits the spread of malicious traffic and prevents attackers from accessing sensitive data or systems in other segments. A perimeter firewall, a data loss prevention (DLP) system, and a web application firewall are also useful security measures, but they do not prevent propagation within the network as effectively as network segmentation does. Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.3

A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:

A. the provider has alternate service locations.
B. the contract includes compensation for deficient service levels.
C. the provider's information security controls are aligned with the company's.
D. the provider adheres to the company's data retention policies.
Suggested answer: C

Explanation:

The most important thing for the company to verify when outsourcing the printing of customer statements is whether the provider's information security controls are aligned with the company's. This is because customer statements contain sensitive personal and financial information that needs to be protected from unauthorized access, disclosure, modification or destruction. The provider's information security controls should be consistent with the company's policies, standards and regulations, and should be audited periodically to ensure compliance. The other options are also relevant, but not as critical as information security. Reference: CISA Review Manual (Digital Version), Chapter 3, Section 3.2.2

Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?

A. Assign the security risk analysis to a specially trained member of the project management office.
B. Deploy changes in a controlled environment and observe for security defects.
C. Include a mandatory step to analyze the security impact when making changes.
D. Mandate that the change analyses are documented in a standard format.
Suggested answer: C

Explanation:

The best way to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software is to include a mandatory step to analyze the security impact when making changes. This will help to identify and mitigate any security risks or vulnerabilities that may arise from the changes, and to ensure that the software meets the security requirements and standards. The other options are not as effective, because they either delegate the security analysis to someone outside the development team, rely on post-deployment testing, or focus on documentation rather than analysis. Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.5

When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is MOST effective for an IS auditor to review:

A. data analytics findings.
B. audit trails
C. acceptance testing results
D. rollback plans
Suggested answer: A

Explanation:

When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is most effective for an IS auditor to review data analytics findings. Data analytics is a technique that uses software tools and statistical methods to analyze large volumes of data and identify patterns, anomalies, errors or inconsistencies. Data analytics can help to compare the source and target data sets, validate the data quality and integrity, and detect any data loss or corruption during the migration process. The other options are not as effective, because audit trails only record the actions performed on the data, acceptance testing results only verify the functionality of the new system, and rollback plans only provide contingency measures in case of migration failure. Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.6

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?

A. The quality of the data is not monitored.
B. Imported data is not disposed frequently.
C. The transfer protocol is not encrypted.
D. The transfer protocol does not require authentication.
Suggested answer: A

Explanation:

The most critical finding that the IS auditor should consider when reviewing processes for importing market price data from external data providers is that the quality of the data is not monitored. This is because market price data is essential for financial transactions, risk management, valuation and reporting, and any errors or inaccuracies in the data can have significant impact on the organization's performance, reputation and compliance. The IS auditor should ensure that the organization has established quality criteria and controls for the imported data, such as validity, completeness, timeliness, consistency and accuracy, and that the data is regularly checked and verified against these criteria. The other findings are also important, but not as critical as data quality. Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.7
