Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 6

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 521

Question

The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

A. rules.
B. decision trees.
C. semantic nets.
D. dataflow diagrams.

Answer

B. decision trees.

Explanation

Decision trees use questionnaires to lead a user through a series of choices until a conclusion is reached. Rules refer to the expression of declarative knowledge through the use of if-then relationships. Semantic nets consist of a graph in which nodes represent physical or conceptual objects and the arcs describe the relationship between the nodes. Semantic nets resemble a dataflow diagram and make use of an inheritance mechanism to prevent duplication of data.

CISA Question 522

Question

Which of the following is the PRIMARY purpose for conducting parallel testing?

A. To determine if the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements

Answer

D. To ensure the new system meets user requirements

Explanation

The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements. Parallel testing may show that the old system is, in fact, better than the new system, but this is not the primary reason. Unit and system are completed before parallel testing. Program interfaces with files are tested for errors during system testing.

CISA Question 523

Question

An IS auditor’s PRIMARY concern when application developers wish to use a copy of yesterday’s production transaction file for volume tests is that:

A. users may prefer to use contrived data for testing.
B. unauthorized access to sensitive data may result.
C. error handling and credibility checks may not be fully proven.
D. the full functionality of the new process may not necessarily be tested.

Answer

B. unauthorized access to sensitive data may result.

Explanation

Unless the data are sanitized, there is a risk of disclosing sensitive data.

CISA Question 524

Question

An advantage of using sanitized live transactions in test data is that:

A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.

Answer

D. test transactions are representative of live processing.

Explanation

Test data will be representative of live processing; however, it is unlikely that all transaction types or error conditions will be tested in this way.

CISA Question 525

Question

A decision support system (DSS):

A. is aimed at solving highly structured problems.
B. combines the use of models with nontraditional data access and retrieval functions.
C. emphasizes flexibility in the decision making approach of users.
D. supports only structured decision making tasks.

Answer

C. emphasizes flexibility in the decision making approach of users.

Explanation

DSS emphasizes flexibility in the decision making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions, and supports semi structured decision making tasks.

CISA Question 526

Question

Which of the following is an advantage of prototyping?

A. The finished system normally has strong internal controls.
B. Prototype systems can provide significant time and cost savings.
C. Change control is often less complicated with prototype systems.
D. it ensures that functions or extras are not added to the intended system.

Answer

B. Prototype systems can provide significant time and cost savings.

CISA Question 527

Question

When implementing an application software package, which of the following presents the GREATEST risk?

A. Uncontrolled multiple software versions
B. Source programs that are not synchronized with object code
C. incorrectly set parameters
D. Programming errors.

Answer

C. incorrectly set parameters

Explanation

Parameters that are not set correctly would be the greatest concern when implementing an application software package. The other choices, though important, are a concern of the provider, not the organization that is implementing the software itself.

CISA Question 528

Question

Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?

A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique

Answer

C. Rapid application development

Explanation

Rapid application development is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality. The program evaluation review technique (PERT) and critical path methodology (CPM) are both planning and control techniques, while function point analysis is used for estimating the complexity of developing business applications.

CISA Question 529

Question

The phases and deliverables of a system development life cycle (SDLC) project should be determined:

A. during the initial planning stages of the project.
B. after early planning has been completed, but before work has begun.
C. throughout the work stages, based on risks and exposures.
D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.

Answer

A. during the initial planning stages of the project.

Explanation

It is extremely important that the project be planned properly and that the specific phases and deliverables be identified during the early stages of the project.

CISA Question 530

Question

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?

A. inheritance
B. Dynamic warehousing
C. Encapsulation
D. Polymorphism

Answer

C. Encapsulation

Explanation

Encapsulation is a property of objects, and it prevents accessing either properties or methods that have not been previously defined as public.
This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior and only that which belongs to that interface can be accessed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker