
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 6

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 541

Question

Which of the following will BEST ensure the successful offshore development of business applications?

A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Post implementation reviews

Answer

B. Detailed and correctly applied specifications

Explanation

When dealing with offshore operations, it is essential that detailed specifications be created. Language differences and a lack of interaction between developers and physically remote end users could create gaps in communication in which assumptions and modifications may not be adequately communicated. Contract management practices, cultural and political differences, and post implementation reviews, although important, are not as pivotal to the success of the project.

CISA Question 542

Question

Which of the following is the GREATEST risk when implementing a data warehouse?

A. Increased response time on the production systems
B. Access controls that are not adequate to prevent data modification
C. Data duplication
D. Data that is not updated or current

Answer

B. Access controls that are not adequate to prevent data modification

Explanation

Once the data is in a warehouse, no modifications should be made to it and access controls should be in place to prevent data modification. Increased response time on the production systems is not a risk, because a data warehouse does not impact production data. Based on data replication, data duplication is inherent in a data warehouse. Transformation of data from operational systems to a data warehouse is done at predefined intervals, and as such, data may not be current.

CISA Question 543

Question

What control detects transmission errors by appending calculated bits onto the end of each segment of data?

A. Reasonableness check
B. Parity check
C. Redundancy check
D. Check digits

Answer

C. Redundancy check

Explanation

A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data. A parity check is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission. Check digits detect transposition and transcription errors.

CISA Question 544

Question

What process uses test data as part of a comprehensive test of program controls in a continuous online manner?

A. Test data/deck
B. Base-case system evaluation
C. Integrated test facility (ITF)
D. Parallel simulation

Answer

B. Base-case system evaluation

Explanation

A base-case system evaluation uses test data sets developed as part of comprehensive testing programs; it is used to verify correct systems operations before acceptance, as well as for periodic validation. Test data/deck simulates transactions through real programs. An ITF creates fictitious files in the database with test transactions processed simultaneously with live input. Parallel simulation is the production of data processed using computer programs that simulate application program logic.

CISA Question 545

Question

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

A. validation controls.
B. internal credibility checks.
C. clerical control procedures.
D. automated systems balancing.

Answer

D. automated systems balancing.

Explanation

Automated systems balancing would be the best way to ensure that no transactions are lost, as any imbalance between total inputs and total outputs would be reported for investigation and correction. Validation controls and internal credibility checks are certainly valid controls, but will not detect and report lost transactions. In addition, although a clerical procedure could be used to summarize and compare inputs and outputs, an automated process is less susceptible to error.

CISA Question 546

Question

Functional acknowledgements are used:

A. as an audit trail for EDI transactions.
B. to functionally describe the IS department.
C. to document user roles and responsibilities.
D. as a functional description of application software.

Answer

A. as an audit trail for EDI transactions.

Explanation

Functional acknowledgements are standard EDI transactions that tell trading partners that their electronic documents were received. Different types of functional acknowledgments provide various levels of detail and, therefore, can act as an audit trail for EDI transactions. The other choices are not relevant to the description of functional acknowledgements.

CISA Question 547

Question

To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is:

A. during data preparation.
B. in transit to the computer.
C. between related computer runs.
D. during the return of the data to the user department.

Answer

A. during data preparation.

Explanation

During data preparation is the best answer, because it establishes control at the earliest point.

CISA Question 548

Question

The editing/validation of data entered at a remote site would be performed MOST effectively at the:

A. central processing site after running the application system.
B. central processing site during the running of the application system.
C. remote processing site after transmission of the data to the central processing site.
D. remote processing site prior to transmission of the data to the central processing site.

Answer

D. remote processing site prior to transmission of the data to the central processing site.

Explanation

It is important that the data entered from a remote site is edited and validated prior to transmission to the central processing site.

CISA Question 549

Question

Information for detecting unauthorized input from a terminal would be BEST provided by the:

A. console log printout.
B. transaction journal.
C. automated suspense file listing.
D. user error report.

Answer

B. transaction journal.

Explanation

The transaction journal would record all transaction activity, which then could be compared to the authorized source documents to identify any unauthorized input. A console log printout is not the best, because it would not record activity from a specific terminal. An automated suspense file listing would only list transaction activity where an edit error occurred, while the user error report would only list input that resulted in an edit error.

CISA Question 550

Question

Before implementing controls, management should FIRST ensure that the controls:

A. satisfy a requirement in addressing a risk issue.
B. do not reduce productivity.
C. are based on a cost-benefit analysis.
D. are detective or corrective.

Answer

A. satisfy a requirement in addressing a risk issue.

Explanation

When designing controls, it is necessary to consider all the above aspects. In an ideal situation, controls that address all these aspects would be the best controls. Realistically, it may not be possible to design them all and cost may be prohibitive; therefore, it is necessary to first consider the preventive controls that attack the cause of a threat.