ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 12

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1251

Question

An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.

Answer

A. cold site.

Explanation

A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.

CISA Question 1252

Question

Which of the following data validation edits is effective in detecting transposition and transcription errors?

A. Range check
B. Check digit
C. Validity check
D. Duplicate check

Answer

B. Check digit

Explanation

A check digit is a numeric value that is calculated mathematically and appended to data to ensure that the original data have not been altered and that an incorrect, but valid, value has not been substituted. This control is effective in detecting transposition and transcription errors. A range check verifies that data fall within a predetermined range of values. A validity check is a programmed check of data validity in accordance with predetermined criteria. In a duplicate check, new transactions are matched against those previously entered to ensure that they are not already in the system.

CISA Question 1253

Question

Structured programming is BEST described as a technique that:

A. provides knowledge of program functions to other programmers via peer reviews.
B. reduces the maintenance time of programs by the use of small-scale program modules.
C. makes the readable coding reflect as closely as possible the dynamic execution of the program.
D. controls the coding and testing of the high-level functions of the program in the development process.

Answer

B. reduces the maintenance time of programs by the use of small-scale program modules.

Explanation

A characteristic of structured programming is smaller, workable units. Structured programming has evolved because smaller, workable units are easier to maintain. Structured programming is a style of programming which restricts the kinds of control structures. This limitation is not crippling. Any program can be written with allowed control structures. Structured programming is sometimes referred to as go-to-less programming, since a go-to statement is not allowed. This is perhaps the best-known restriction of the style, since go-to statements were common at the time structured programming was becoming more popular. Statement labels also become unnecessary, except in languages where subroutines are identified by labels.

CISA Question 1254

Question

A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

A. dials back to the user machine based on the user id and password using a telephone number from its database.
B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection.
C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database.
D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender’s database.

Answer

A. dials back to the user machine based on the user id and password using a telephone number from its database.

Explanation

A call-back system in a net-centric environment means that a user with an id and password first calls a remote server through a dial-up line, and the server then disconnects and dials back to the user machine based on the user id and password, using a telephone number from its database. Although the server can depend upon its own database, it cannot know the authenticity of the dialer when the user dials again. The server cannot depend upon the sender’s database to dial back, as that database could be manipulated.

CISA Question 1255

Question

Which of the following is a benefit of using callback devices?

A. Provide an audit trail
B. Can be used in a switchboard environment
C. Permit unlimited user mobility
D. Allow call forwarding

Answer

A. Provide an audit trail

Explanation

A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number from an unauthorized phone number, a perpetrator can gain computer access. This vulnerability can be controlled through callback systems that are available.

CISA Question 1256

Question

Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

A. Router
B. Bridge
C. Repeater
D. Gateway

Answer

B. Bridge

Explanation

A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet and token network) and has the storage capacity to store frames and act as a storage and forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.

CISA Question 1257

Question

Which of the following is MOST likely to result from a business process reengineering (BPR) project?

A. An increased number of people using technology
B. Significant cost savings through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk

Answer

A. An increased number of people using technology

Explanation

A BPR project more often leads to an increased number of people using technology, and this would be a cause for concern.

Incorrect answers:
B. As BPR is often technology oriented, and this technology is usually more complex and volatile than in the past, cost savings do not often materialize in this area.
D. There is no reason for IP to conflict with a BPR project, unless the project is not run properly.

CISA Question 1258

Question

Which of the following is a dynamic analysis tool for the purpose of testing software modules?

A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code

Answer

A. Blackbox test

Explanation

A blackbox test is a dynamic analysis tool for testing software modules. During the testing of software modules, a blackbox test works, first, with the software in a cohesive manner as one single unit/entity consisting of numerous modules and, second, with the user data that flows across software modules. In some cases, this even drives the software behavior. In choices B, C and D, the software (design or code) remains static and someone closely examines it by applying their mind, without actually activating the software. Therefore, these cannot be referred to as dynamic analysis tools.

CISA Question 1259

Question

Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report

Answer

D. A before-and-after maintenance report

Explanation

A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper.

CISA Question 1260

Question

IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?

A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations

Answer

D. Inability to perform data intensive operations

Explanation

4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators.