
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 6

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 531

Question

Ideally, stress testing should be carried out in a:

A. test environment using test data.
B. production environment using live workloads.
C. test environment using live workloads.
D. production environment using test data.

Answer

C. test environment using live workloads.

Explanation

Stress testing is carried out to ensure a system can cope with production workloads. A test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment (choices B and D), and if only test data is used, there is no certainty that the system was stress tested adequately.

CISA Question 532

Question

Which of the following is the most important element in the design of a data warehouse?

A. Quality of the metadata
B. Speed of the transactions
C. Volatility of the data
D. Vulnerability of the system

Answer

A. Quality of the metadata

Explanation

Quality of the metadata is the most important element in the design of a data warehouse. A data warehouse is a copy of transaction data specifically structured for query and analysis. Metadata aim to provide a table of contents to the information stored in the data warehouse.
Companies that have built warehouses believe that metadata are the most important component of the warehouse.

CISA Question 533

Question

An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations.
Which of the following would be a strength of an IDE?

A. Controls the proliferation of multiple versions of programs
B. Expands the programming resources and aids available
C. Increases program and processing integrity
D. Prevents valid changes from being overwritten by other changes

Answer

B. Expands the programming resources and aids available

Explanation

A strength of an IDE is that it expands the programming resources and aids available. The other choices are IDE weaknesses.

CISA Question 534

Question

Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing

Answer

B. Acceptance testing

Explanation

Acceptance testing is the final stage before the software is installed and made available for use. The greatest impact would occur if the software fails at the acceptance testing level, as this could result in delays and cost overruns. System testing is undertaken by the development team to determine whether the software meets user requirements per specifications. Integration testing examines the units/modules as one integrated system, and unit testing examines the individual units or components of the software. System, integration and unit testing are all performed by the developers at various stages of development; the impact of failure at each of these stages is comparatively less than failure at the acceptance testing stage.

CISA Question 535

Question

During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

A. test the software for compatibility with existing hardware.
B. perform a gap analysis.
C. review the licensing policy.
D. ensure that the procedure had been approved.

Answer

D. ensure that the procedure had been approved.

Explanation

In the case of a deviation from the predefined procedures, an IS auditor should first ensure that the procedure followed for acquiring the software is consistent with the business objectives and has been approved by the appropriate authorities. The other choices are not the first actions an IS auditor should take. They are steps that may or may not be taken after determining that the procedure used to acquire the software had been approved.

CISA Question 536

Question

An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

A. continuous improvement.
B. quantitative quality goals.
C. a documented process.
D. a process tailored to specific projects.

Answer

A. continuous improvement.

Explanation

An organization would have reached the highest level of the software CMM at level 5, optimizing. Quantitative quality goals can be reached at level 4 and below, a documented process is executed at level 3 and below, and a process tailored to specific projects can be achieved at level 3 or below.

CISA Question 537

Question

A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization, and that the system should be capable of identifying errors that require follow-up. Which of the following would BEST meet these objectives?

A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies
B. Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing
C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format
D. Reengineering the existing processing and redesigning the existing system

Answer

C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format

Explanation

EDI is the best answer. Properly implemented (e.g., agreements with trading partners on transaction standards, controls over network security mechanisms in conjunction with application controls), EDI is best suited to identify and follow up on errors more quickly, given the reduced opportunities for review and authorization.

CISA Question 538

Question

An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

A. acknowledge receipt of electronic orders with a confirmation message.
B. perform reasonableness checks on quantities ordered before filling orders.
C. verify the identity of senders and determine if orders correspond to contract terms.
D. encrypt electronic orders.

Answer

C. verify the identity of senders and determine if orders correspond to contract terms.

Explanation

An electronic data interchange (EDI) system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern. Acknowledging the receipt of electronic orders with a confirming message is good practice but will not authenticate orders from customers. Performing reasonableness checks on quantities ordered before placing orders is a control for ensuring the correctness of the company’s orders, not the authenticity of its customers’ orders. Encrypting sensitive messages is an appropriate step but does not apply to messages received.

CISA Question 539

Question

The MAIN purpose of a transaction audit trail is to:

A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.

Answer

B. determine accountability and responsibility for processed transactions.

Explanation

Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

CISA Question 540

Question

Which of the following is the GREATEST risk to the effectiveness of application system controls?

A. Removal of manual processing steps
B. Inadequate procedure manuals
C. Collusion between employees
D. Unresolved regulatory compliance issues

Answer

C. Collusion between employees

Explanation

Collusion is an active attack that can be sustained and is difficult to identify since even well-thought-out application controls may be circumvented. The other choices do not impact well-designed application controls.