ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 26

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 2711

Question

Who provides the funding to the project and works closely with the project manager to define critical success factors (CSFs)?

A. Project Sponsor
B. Security Officer
C. User Management
D. Senior Management

Answer

A. Project Sponsor

Explanation

The project sponsor provides funding for the project and works closely with the project manager to define critical success factors (CSFs) and metrics for measuring the success of the project. It is crucial that success is translated to measurable and quantifiable terms. Data and application ownership are assigned to a project sponsor. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support.

For the CISA exam you should know the roles and responsibilities of the groups and individuals that may be involved in the development process, summarized below:
Senior Management – Demonstrates commitment to the project and approves the necessary resources to complete the project. This commitment from senior management helps ensure involvement by those needed to complete the project.
User Management – Assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirement definitions, test case development, acceptance testing and user training. User management is concerned primarily with the following questions:
Are the required functions available in the software?
How reliable is the software?
How effective is the software?
Is the software easy to use?
How easy is it to transfer or adapt old data from preexisting software to this environment?
Is it possible to add new functions?
Does it meet regulatory requirements?
Project Steering Committee – Provides overall direction and ensures appropriate representation of the major stakeholders in the project’s outcome. The project steering committee is ultimately responsible for all deliverables, project costs and schedules. This committee should be comprised of a senior representative from each business area that will be significantly impacted by the proposed new system or system modifications.
System Development Management – Provides technical support for hardware and software environment by developing, installing and operating the requested system.
Project Manager – Provides day-to-day management and leadership of the project, ensures that project activities remain in line with the overall directions, ensures appropriate representation of the affected departments, ensures that the project adheres to local standards, ensures that deliverables meet the quality expectations of key stakeholders, resolves interdepartmental conflicts, and monitors and controls costs and the project timetable.
Project Sponsor – The project sponsor provides funding for the project and works closely with the project manager to define critical success factors (CSFs) and metrics for measuring the success of the project. It is crucial that success is translated to measurable and quantifiable terms.
Data and application ownership are assigned to a project sponsor. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support.
System Development Project Team – Completes assigned tasks, communicates effectively with users by actively involving them in the development process, works according to local standards, and advises the project manager of necessary plan deviations.
User Project Team – Completes assigned tasks, communicates effectively with the system developers by actively involving themselves in the development process as Subject Matter Experts (SMEs), works according to local standards, and advises the project manager of expected and actual project deviations.
Security Officer – Ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures; consults throughout the life cycle on appropriate security measures that should be incorporated into the system.
Quality Assurance – Personnel who review results and deliverables within each phase and at the end of each phase, and confirm compliance with requirements.
Their objective is to ensure the quality of the project by measuring adherence of the project staff to the organization’s software development life cycle (SDLC), advising on deviations and proposing recommendations for process improvement or greater control points when deviations occur.

The following were incorrect answers:
Security Officer – Ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures; consults throughout the life cycle on appropriate security measures that should be incorporated into the system.
User Management – Assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirement definitions, test case development, acceptance testing and user training.
Senior Management – Demonstrates commitment to the project and approves the necessary resources to complete the project. This commitment from senior management helps ensure involvement by those needed to complete the project.

CISA Question 2712

Question

For an auditor, it is very important to understand the different forms of project organization and their implications for the control of project management activities. In which of the following project organization forms is management authority shared between the project manager and the department head?

A. Influence project organization
B. Pure project organization
C. Matrix project organization
D. Forward project organization

Answer

C. Matrix project organization

Explanation

For the CISA exam you should know the information below about project organizational forms.
Three major forms of organizational alignment for project management within a business organization are observed:
Influence project organization – The project manager has only a staff function without formal management authority. The project manager is only allowed to advise peers and team members as to which activities should be completed.
Pure project organization – The project manager has formal authority over those taking part in the project. Often this is bolstered by providing a special working area for the project team that is separated from their normal office space.
Matrix project organization – Management authority is shared between the project manager and the department head.
Requests for major projects should be submitted to and prioritized by the IS steering committee. A project manager should be identified and appointed by the IS steering committee. The project manager, who need not be an IS staff member

The following were incorrect answers:
Influence project organization – The project manager has only a staff function without formal management authority. The project manager is only allowed to advise peers and team members as to which activities should be completed.
Pure project organization – The project manager has formal authority over those taking part in the project. Often this is bolstered by providing a special working area for the project team that is separated from their normal office space.
Forward project organization – Not a valid type of project organization form.

CISA Question 2713

Question

Which of the following is the BEST way to detect software license violations?

A. Implementing a corporate policy on copyright infringements and software use.
B. Requiring that all PCs be diskless workstations.
C. Installing metering software on the LAN so applications can be accessed through the metered software.
D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Answer

D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Explanation

The best way to prevent and detect software license violations is to regularly scan used PCs, either from the LAN or directly, to ensure that unauthorized copies of software have not been loaded on the PC.
Other options are not detective.
A corporate policy is not necessarily enforced and followed by all employees.
Software can be installed from other means than floppies or CD-ROMs (from a LAN or even downloaded from the Internet) and software metering only concerns applications that are registered.

CISA Question 2714

Question

Which of the following characteristics pertaining to databases is not true?

A. A data model should exist and all entities should have a significant name.
B. Justifications must exist for normalized data.
C. No NULLs should be allowed for primary keys.
D. All relations must have a specific cardinality.

Answer

B. Justifications must exist for normalized data.

Explanation

Justifications should be provided when data is renormalized, not when it is normalized, because it introduces risk of data inconsistency.
Renormalization is usually introduced for performance purposes.

CISA Question 2715

Question

What is the most effective means of determining that controls are functioning properly within an operating system?

A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor

Answer

B. Review of software control features and/or parameters

Explanation

Various operating system software products provide parameters and options for the tailoring of the system and activation of features such as activity logging.
Parameters are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments. Reviewing software control features and/or parameters is the most effective means of determining how controls are functioning within an operating system and of assessing an operating system’s integrity.
The operating system manual should provide information as to what settings can be used but will not likely give any hint as to how parameters are actually set.
The product vendor and computer operator are not necessarily aware of the detailed setting of all parameters.
The review of software control features and/or parameters would be part of your security audit. A security audit is typically performed by a third party independent of the management of the system. The audit determines the degree to which the required controls are implemented.
A security review is conducted by the system maintenance or security personnel to discover vulnerabilities within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws exist in the hardware or software of the system. System reviews are sometimes referred to as vulnerability assessments.

CISA Question 2716

Question

Which of the following is NOT a defined ISO basic task related to network management?

A. Fault management
B. Accounting resources
C. Security management
D. Communications management

Answer

D. Communications management

Explanation

Fault management: Detects the devices that present some kind of fault.
Configuration management: Allows users to know, define and change remotely the configuration of any device.
Accounting resources: Holds the records of the resource usage in the WAN.
Performance management: Monitors usage levels and sets alarms when a threshold has been surpassed.
Security management: Detects suspicious traffic or users and generates alarms accordingly.

CISA Question 2717

Question

Which of the following ISO/OSI layers performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption?

A. Application layer
B. Session layer
C. Presentation layer
D. Transport layer

Answer

C. Presentation layer

Explanation

The presentation layer (ISO/OSI layer 6) performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption, text compression and reformatting. The function of the presentation layer is to ensure that the format of the data submitted by the application layer conforms to the applicable network standard.

CISA Question 2718

Question

Which of the following is not a common method of multiplexing data?

A. Analytical multiplexing
B. Time-division multiplexing
C. Asynchronous time-division multiplexing
D. Frequency division multiplexing

Answer

A. Analytical multiplexing

Explanation

Generally, the methods for multiplexing data include the following:
Time-division multiplexing (TDM): information from each data channel is allocated bandwidth based on pre-assigned time slots, regardless of whether there is data to transmit.
Asynchronous time-division multiplexing (ATDM): information from data channels is allocated bandwidth as needed, via dynamically assigned time slots.
Frequency division multiplexing (FDM): information from each data channel is allocated bandwidth based on the signal frequency of the traffic.
Statistical multiplexing: Bandwidth is dynamically allocated to any data channels that have information to transmit.

CISA Question 2719

Question

Why would a database be renormalized?

A. To ensure data integrity
B. To increase processing efficiency
C. To prevent duplication of data
D. To save storage space

Answer

B. To increase processing efficiency

Explanation

A database is renormalized when there is a need to improve processing efficiency.
There is, however, a risk to data integrity when this occurs. Since it implies the introduction of duplication, it will not likely allow saving of storage space.

CISA Question 2720

Question

Which of the following transmission media would NOT be affected by cross talk or interference?

A. Copper cable
B. Radio System
C. Satellite radio link
D. Fiber optic cables

Answer

D. Fiber optic cables

Explanation

Only fiber optic cables are not affected by crosstalk or interference.

For your exam you should know the information about transmission media:
Copper Cable – Copper cable is very simple to install and easy to tap. It is used mostly for short distance and supports voice and data.
Copper has been used in electric wiring since the invention of the electromagnet and the telegraph in the 1820s. The invention of the telephone in 1876 created further demand for copper wire as an electrical conductor.
Copper is the electrical conductor in many categories of electrical wiring. Copper wire is used in power generation, power transmission, power distribution, telecommunications, electronics circuitry, and countless types of electrical equipment. Copper and its alloys are also used to make electrical contacts. Electrical wiring in buildings is the most important market for the copper industry. Roughly half of all copper mined is used to manufacture electrical wire and cable conductors.

Coaxial cable – Coaxial cable, or coax (pronounced ‘ko.aks), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket. The term coaxial comes from the inner conductor and the outer shield sharing a geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who patented the design in 1880. Coaxial cable differs from other shielded cable used for carrying lower-frequency signals, such as audio signals, in that the dimensions of the cable are controlled to give a precise, constant conductor spacing, which is needed for it to function efficiently as a radio frequency transmission line.
Coaxial cable is expensive and does not support many LANs. It supports data and video.

Fiber optics – An optical fiber cable is a cable containing one or more optical fibers that are used to carry light. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. Different types of cable are used for different applications, for example long distance telecommunication, or providing a high-speed data connection between different parts of a building.
Fiber optics are used for long distances, are hard to splice, are not vulnerable to cross talk and are difficult to tap. They support voice, data, image and video.

Radio System – Radio systems are used for short distances and are cheap and easy to tap.
Radio is the radiation (wireless transmission) of electromagnetic signals through the atmosphere or free space.
Information, such as sound, is carried by systematically changing (modulating) some property of the radiated waves, such as their amplitude, frequency, phase, or pulse width. When radio waves strike an electrical conductor, the oscillating fields induce an alternating current in the conductor. The information in the waves can be extracted and transformed back into its original form.

Microwave radio system – Microwave transmission refers to the technology of transmitting information or energy by the use of radio waves whose wavelengths are conveniently measured in small numbers of centimeters; these are called microwaves.
Microwaves are widely used for point-to-point communications because their small wavelength allows conveniently-sized antennas to direct them in narrow beams, which can be pointed directly at the receiving antenna. This allows nearby microwave equipment to use the same frequencies without interfering with each other, as lower frequency radio waves do. Another advantage is that the high frequency of microwaves gives the microwave band a very large information-carrying capacity; the microwave band has a bandwidth 30 times that of all the rest of the radio spectrum below it. A disadvantage is that microwaves are limited to line of sight propagation; they cannot pass around hills or mountains as lower frequency radio waves can.
Microwave radio transmission is commonly used in point-to-point communication systems on the surface of the Earth, in satellite communications, and in deep space radio communications. Other parts of the microwave radio band are used for radars, radio navigation systems, sensor systems, and radio astronomy.
Microwave radio systems are carriers for voice data signals, and are cheap and easy to tap.

Satellite Radio Link – Satellite radio is a radio service broadcast from satellites primarily to cars, with the signal broadcast nationwide, across a much wider geographical area than terrestrial radio stations. It is available by subscription, mostly commercial free, and offers subscribers more stations and a wider variety of programming options than terrestrial radio.
A satellite radio link uses a transponder to send information and is easy to tap.

The following answers are incorrect:
Copper Cable – Copper cable is very simple to install and easy to tap. It is used mostly for short distance and supports voice and data.
Radio System – Radio systems are used for short distances and are cheap and easy to tap.
Satellite Radio Link – A satellite radio link uses a transponder to send information and is easy to tap.
