The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 501
Question
Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner
Answer
A. Interface errors are identified early
Explanation
The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing.
CISA Question 502
Question
During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:
A. test data covering critical applications.
B. detailed test plans.
C. quality assurance test specifications.
D. user acceptance testing specifications.
Answer
D. user acceptance testing specifications.
Explanation
A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project, and user acceptance test specifications should be developed during this phase. The other choices are generally performed during the system testing phase.
CISA Question 503
Question
Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
A. Bottom up
B. Sociability testing
C. Top-down
D. System test
Answer
C. Top-down
Explanation
The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place. Sociability testing and system tests take place at a later stage in the development process.
CISA Question 504
Question
During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.
Answer
A. buffer overflow.
Explanation
Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute force attack is used to crack passwords. A distributed denial-of-service attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.
CISA Question 505
Question
Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?
A. A sufficient quantity of data for each test case
B. Data representing conditions that are expected in actual processing
C. Completing the test on schedule
D. A random sample of actual data
Answer
B. Data representing conditions that are expected in actual processing
Explanation
Selecting the right kind of data is key in testing a computer system. The data should not only include valid and invalid data but should be representative of actual processing; quality is more important than quantity. It is more important to have adequate test data than to complete the testing on schedule. It is unlikely that a random sample of actual data would cover all test conditions and provide a reasonable representation of actual data.
CISA Question 506
Question
The waterfall life cycle model of software development is most appropriately used when:
A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
B. requirements are well understood and the project is subject to time pressures.
C. the project intends to apply an object-oriented design and programming approach.
D. the project will involve the use of new technology.
Answer
A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
Explanation
Historically, the waterfall model has been best suited to the stable conditions described in choice A. When the degree of uncertainty about the system to be delivered and the conditions in which it will be used rises, the waterfall model has not been successful. In these circumstances, the various forms of iterative development life cycle give the advantage of breaking down the scope of the overall system to be delivered, making the requirements gathering and design activities more manageable. The ability to deliver working software earlier also acts to alleviate uncertainty and may allow an earlier realization of benefits. The choice of a design and programming approach is not itself a determining factor of the type of software development life cycle that is appropriate. The use of new technology in a project introduces a significant element of risk. An iterative form of development, particularly one of the agile methods that focuses on early development of actual working software, is likely to be the better option to manage this uncertainty.
CISA Question 507
Question
By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:
A. reliable products are guaranteed.
B. programmers’ efficiency is improved.
C. security requirements are designed.
D. predictable software processes are followed.
Answer
D. predictable software processes are followed.
Explanation
By evaluating the organization's development projects against the CMM, an IS auditor determines whether the development organization follows a stable, predictable software process. Although the likelihood of success should increase as the software processes mature toward the optimizing level, mature processes do not guarantee a reliable product. CMM does not evaluate technical processes such as programming, nor does it evaluate security requirements or other application controls.
CISA Question 508
Question
The GREATEST benefit in implementing an expert system is the:
A. capturing of the knowledge and experience of individuals in an organization.
B. sharing of knowledge in a central repository.
C. enhancement of personnel productivity and performance.
D. reduction of employee turnover in key departments.
Answer
A. capturing of the knowledge and experience of individuals in an organization.
Explanation
The basis for an expert system is the capture and recording of the knowledge and experience of individuals in an organization. Coding and entering the knowledge in a central repository, shareable within the enterprise, is a means of facilitating the expert system. Enhancing personnel productivity and performance is a benefit; however, it is not as important as capturing the knowledge and experience. Employee turnover is not necessarily affected by an expert system.
CISA Question 509
Question
An IS auditor reviewing a proposed application software acquisition should ensure that the:
A. operating system (OS) being used is compatible with the existing hardware platform.
B. planned OS updates have been scheduled to minimize negative impacts on company needs.
C. OS has the latest versions and updates.
D. products are compatible with the current or planned OS.
Answer
D. products are compatible with the current or planned OS.
Explanation
Choices A, B and C are incorrect because none of them is related to the area being audited. In reviewing the proposed application, the auditor should ensure that the products to be purchased are compatible with the current or planned OS. Regarding choice A, if the OS is currently being used, it is compatible with the existing hardware platform, because if it were not, it would not operate properly. In choice B, the planned OS updates should be scheduled to minimize negative impacts on the organization. For choice C, the installed OS should be equipped with the most recent versions and updates (with sufficient history and stability).
CISA Question 510
Question
The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:
A. facilitates user involvement.
B. allows early testing of technical features.
C. facilitates conversion to the new system.
D. shortens the development time frame.
Answer
D. shortens the development time frame.
Explanation
The greatest advantage of RAD is the shorter time frame for the development of a system. Choices A and B are true, but they are also true for the traditional systems development life cycle. Choice C is not necessarily always true.