The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 511
Question
During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:
A. increased maintenance.
B. improper documentation of testing.
C. inadequate functional testing.
D. delays in problem resolution.
Answer
C. inadequate functional testing.
Explanation
The major risk of combining quality assurance testing and user acceptance testing is that functional testing may be inadequate. Choices A, B and D are not as important.
CISA Question 512
Question
Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
A. existence of a set of functions and their specified properties.
B. ability of the software to be transferred from one environment to another.
C. capability of software to maintain its level of performance under stated conditions.
D. relationship between the performance of the software and the amount of resources used.
Answer
A. existence of a set of functions and their specified properties.
Explanation
Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Choice B refers to portability; choice C refers to reliability and choice D refers to efficiency.
CISA Question 513
Question
Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?
A. Intrusion detection systems
B. Data mining techniques
C. Firewalls
D. Packet filtering routers
Answer
B. Data mining techniques
Explanation
Data mining is a technique used to detect trends or patterns of transactions or data. If the historical pattern of charges against a credit card account changes, that is a flag that the transaction may have resulted from fraudulent use of the card.
CISA Question 514
Question
The MOST likely explanation for the use of applets in an Internet application is that:
A. it is sent over the network from the server.
B. the server does not run the program and the output is not sent over the network.
C. they improve the performance of the web server and network.
D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine.
Answer
C. they improve the performance of the web server and network.
Explanation
An applet is a Java program that is sent over the network from the web server, through a web browser and to the client machine; the code is then run on the machine. Since the server does not run the program and the output is not sent over the network, the performance of the web server and network (over which the server and client are connected) drastically improves through the use of applets. Performance improvement is more important than the reasons offered in choices A and B. Since a Java virtual machine (JVM) is embedded in most web browsers, the applet downloaded through the web browser runs on the client machine from the web browser, not from the web server, making choice D incorrect.
CISA Question 515
Question
An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:
A. a backup server be available to run ETCS operations with up-to-date data.
B. a backup server be loaded with all the relevant software and data.
C. the systems staff of the organization be trained to handle any event.
D. source code of the ETCS application be placed in escrow.
Answer
D. source code of the ETCS application be placed in escrow.
Explanation
Whenever proprietary application software is purchased, the contract should provide for a source code agreement. This will ensure that the purchasing company will have the opportunity to modify the software should the vendor cease to be in business. Having a backup server with current data and staff training is critical but not as critical as ensuring the availability of the source code.
CISA Question 516
Question
When a new system is to be implemented within a short time frame, it is MOST important to:
A. finish writing user manuals.
B. perform user acceptance testing.
C. add last-minute enhancements to functionalities.
D. ensure that the code has been documented and reviewed.
Answer
B. perform user acceptance testing.
Explanation
It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly. The completion of the user manuals is similar to the performance of code reviews. If time is tight, the last thing one would want to do is add another enhancement, as it would be necessary to freeze the code and complete the testing, then make any other changes as future enhancements. It would be appropriate to have the code documented and reviewed, but unless the acceptance testing is completed, there is no guarantee that the system will work correctly and meet user requirements.
CISA Question 517
Question
Which of the following should be included in a feasibility study for a project to implement an EDI process?
A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement
Answer
C. The necessary communication protocols
Explanation
Encryption algorithms, third-party agreements and internal control procedures are too detailed for this phase. They would only be outlined and any cost or performance implications shown. The communications protocols must be included, as there may be significant cost implications if new hardware and software are involved, and risk implications if the technology is new to the organization.
CISA Question 518
Question
The use of object-oriented design and development techniques would MOST likely:
A. facilitate the ability to reuse modules.
B. improve system performance.
C. enhance control effectiveness.
D. speed up the system development life cycle.
Answer
A. facilitate the ability to reuse modules.
Explanation
One of the major benefits of object-oriented design and development is the ability to reuse modules. The other options do not normally benefit from the object-oriented technique.
CISA Question 519
Question
During which of the following phases in system development would user acceptance test plans normally be prepared?
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review
Answer
B. Requirements definition
Explanation
During requirements definition, the project team will be working with the users to define their precise objectives and functional needs. At this time, the users should be working with the team to consider and document how the system functionality can be tested to ensure it meets their stated needs. The feasibility study is too early for such detailed user involvement, and the implementation planning and postimplementation review phases are too late. An IS auditor should know at what point user testing should be planned to ensure it is most effective and efficient.
CISA Question 520
Question
An advantage in using a bottom-up vs. a top-down approach to software testing is that:
A. interface errors are detected earlier.
B. confidence in the system is achieved earlier.
C. errors in critical modules are detected earlier.
D. major functions and processing are tested earlier.
Answer
C. errors in critical modules are detected earlier.
Explanation
The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and works upward until complete system testing has taken place. The advantages of using a bottom-up approach to software testing are that there is no need for stubs or drivers and that errors in critical modules are found earlier. The other choices in this question all refer to advantages of a top-down approach, which follows the opposite path, either in depth-first or breadth-first search order.