Isaca CISA Practice Test - Questions Answers, Page 54

Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?

A. Integration testing
B. Regression testing
C. Automated testing
D. User acceptance testing (UAT)

Suggested answer: C

Explanation:

The best testing approach to facilitate rapid identification of application interface errors is automated testing. Automated testing is the use of software tools or scripts to execute predefined test cases, compare expected and actual outcomes, and report any discrepancies. Automated testing can help to speed up the testing process, increase test coverage, reduce human errors, and improve test accuracy and consistency. Automated testing can also help to detect interface errors that may occur due to incompatible data formats, communication protocols, or system configurations.

Reference:

CISA Review Manual (Digital Version), Chapter 3, Section 3.3.11

CISA Online Review Course, Domain 2, Module 2, Lesson 1

An IS auditor is assigned to review the IS department's quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards. Which of the following should be the auditor's NEXT action?

A. Make recommendations to IS management as to appropriate quality standards
B. Postpone the audit until IS management implements written standards
C. Document and test compliance with the informal standards
D. Finalize the audit and report the finding

Suggested answer: C

Explanation:

The auditor's next action after finding that there is an informal unwritten set of standards in the IS department is to document and test compliance with the informal standards. This is because the auditor's role is to evaluate the adequacy and effectiveness of the existing controls, regardless of whether they are formal or informal, written or unwritten. The auditor should also assess the risks and implications of having informal standards, such as lack of consistency, accountability, or traceability. The auditor should not make recommendations, postpone the audit, or finalize the audit without performing the audit procedures.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.21

CISA Online Review Course, Domain 1, Module 1, Lesson 12

Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?

A. Deviation detection
B. Cluster sampling
C. Random sampling
D. Classification

Suggested answer: D

Explanation:

The most useful analytical method when trying to identify groups with similar behavior or characteristics in a large population is classification. Classification is a technique that assigns data points to predefined categories or classes based on their features or attributes. Classification can help to discover patterns, trends, and relationships among the data and reveal the similarities or differences among the groups. Classification can also help to support decision making, prediction, or recommendation based on the data analysis.

Reference:

CISA Review Manual (Digital Version), Chapter 3, Section 3.4.21

CISA Online Review Course, Domain 2, Module 3, Lesson 12

When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (AI) system, the IS auditor should be MOST concerned with the impact AI will have on:

A. employee retention
B. enterprise architecture (EA)
C. future task updates
D. task capacity output

Suggested answer: B

Explanation:

The auditor should be most concerned with the impact AI will have on enterprise architecture (EA) when reviewing a project to replace multiple manual data entry systems with an AI system. EA is a comprehensive framework that defines the structure, components, relationships, and principles of an organization's IT environment. EA can help to align the IT strategy with the business strategy and ensure the coherence, consistency, and integration of the IT systems and services. Replacing manual data entry systems with an AI system may have significant implications for the EA, such as changing the business processes, data flows, security requirements, performance standards, or governance models. The auditor should assess whether the project has considered the impact of AI on EA and whether the EA has been updated accordingly.

Reference:

CISA Review Manual (Digital Version), Chapter 1, Section 1.41

CISA Online Review Course, Domain 5, Module 1, Lesson 22

After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit. This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit. Which of the following risks is MOST affected by this oversight?

A. Inherent
B. Operational
C. Audit
D. Financial

Suggested answer: C

Explanation:

The risk that is most affected by this oversight is audit risk. Audit risk is the risk that the auditor may express an inappropriate opinion or conclusion based on the audit evidence obtained. Audit risk consists of inherent risk, control risk, and detection risk. Inherent risk is the risk that material errors or frauds exist in the audited area before considering the effectiveness of internal controls. Control risk is the risk that the internal controls fail to prevent or detect material errors or frauds. Detection risk is the risk that the auditor fails to identify material errors or frauds using the audit procedures performed. In this case, the auditor has overlooked evidence that could contradict a conclusion of the audit, which increases the detection risk and consequently the audit risk.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.31

CISA Online Review Course, Domain 1, Module 1, Lesson 32

An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?

A. Degradation of services
B. Limited tolerance for damage
C. Decreased mean time between failures (MTBF)
D. Single point of failure

Suggested answer: D

Explanation:

The greatest concern with this situation is that a business-critical application does not currently have any level of fault tolerance and thus has a single point of failure. A single point of failure is a component or element of a system that, if it fails, will cause the entire system to stop functioning. Fault tolerance is the ability of a system to continue operating without interruption or degradation in the event of a failure of one or more of its components or elements. Fault tolerance can be achieved by using techniques such as redundancy, replication, backup, or failover. A business-critical application should have a high level of fault tolerance to ensure its availability, reliability, and continuity.

Reference:

CISA Review Manual (Digital Version), Chapter 5, Section 5.51

CISA Online Review Course, Domain 3, Module 3, Lesson 22

An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data. Which of the following is the PRIMARY advantage of this approach?

A. Audit transparency
B. Data confidentiality
C. Professionalism
D. Audit efficiency

Suggested answer: D

Explanation:

The primary advantage of this approach is that it improves audit efficiency. Audit efficiency is the measure of how well the audit resources are used to achieve the audit objectives. Audit efficiency can be enhanced by using methods or techniques that can save time, cost, or effort without compromising the quality or scope of the audit. By requesting direct access to data required to perform audit procedures instead of asking management to provide the data, the auditor can reduce the dependency on management's cooperation, availability, or timeliness. The auditor can also avoid potential delays, errors, or biases that may occur when management provides the data.

Reference:

CISA Review Manual (Digital Version), Chapter 2, Section 2.41

CISA Online Review Course, Domain 1, Module 1, Lesson 42

A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?

A. Document last-minute enhancements
B. Perform a pre-implementation audit
C. Perform user acceptance testing (UAT)
D. Ensure that code has been reviewed

Suggested answer: C

Explanation:

Performing user acceptance testing (UAT) is the most important activity before implementing a new system, as it ensures that the system meets the user requirements and expectations, and that it is free of major defects. Documenting last-minute enhancements, performing a pre-implementation audit, and ensuring that code has been reviewed are also important activities, but they are not as critical as UAT.

Reference:

CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2

Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization's newly implemented online security awareness program?

A. Only new employees are required to attend the program
B. Metrics have not been established to assess training results
C. Employees do not receive immediate notification of results
D. The timing for program updates has not been determined

Suggested answer: B

Explanation:

The greatest concern for an IS auditor reviewing an online security awareness program is that metrics have not been established to assess training results. Without metrics, it is difficult to measure the effectiveness of the program and identify areas for improvement. The other findings are also issues that need to be addressed, but they are not as significant as the lack of metrics.

Reference:

CISA Review Manual (Digital Version), Chapter 5, Section 5.3.11

Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's IT strategy development process?

A. The IT strategy was developed before the business plan
B. A business impact analysis (BIA) was not performed to support the IT strategy
C. The IT strategy was developed based on the current IT capability
D. Information security was not included as a key objective in the IT strategic plan.

Suggested answer: D

Explanation:

The greatest concern for an IS auditor when auditing an organization's IT strategy development process is that information security was not included as a key objective in the IT strategic plan. Information security is a vital component of IT strategy, as it ensures the confidentiality, integrity and availability of information assets, and supports the business objectives and regulatory compliance. The other options are not as significant as the lack of information security in the IT strategic plan.

Reference:

CISA Review Manual (Digital Version), Chapter 1, Section 1.31
