Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 6

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 541

Question

Which of the following will BEST ensure the successful offshore development of business applications?

A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Post implementation reviews

Answer

B. Detailed and correctly applied specifications

Explanation

When dealing with offshore operations, it is essential that detailed specifications be created. Language differences and a lack of interaction between developers and physically remote end users could create gaps in communication in which assumptions and modifications may not be adequately communicated. Contract management practices, cultural and political differences, and post implementation reviews, although important, are not as pivotal to the success of the project.

CISA Question 542

Question

Which of the following is the GREATEST risk when implementing a data warehouse?

A. increased response time on the production systems
B. Access controls that are not adequate to prevent data modification
C. Data duplication
D. Data that is not updated or current

Answer

B. Access controls that are not adequate to prevent data modification

Explanation

Once the data is in a warehouse, no modifications should be made to it and access controls should be in place to prevent data modification.
Increased response time on the production systems is not a risk, because a data warehouse does not impact production data. Based on data replication, data duplication is inherent in a data warehouse. Transformation of data from operational systems to a data warehouse is done at predefined intervals, and as such, data may not be current.

CISA Question 543

Question

What control detects transmission errors by appending calculated bits onto the end of each segment of data?

A. Reasonableness check
B. Parity check
C. Redundancy check
D. Check digits

Answer

C. Redundancy check

Explanation

A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data. A parity check is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission.
Check digits detect transposition and transcription errors.

CISA Question 544

Question

What process uses test data as part of a comprehensive test of program controls in a continuous online manner?

A. Test data/deck
B. Base-case system evaluation
C. Integrated test facility (ITF)
D. Parallel simulation

Answer

B. Base-case system evaluation

Explanation

A base-case system evaluation uses test data sets developed as part of comprehensive testing programs, it is used to verify correct systems operations before acceptance, as well as periodic validation. Test data/deck simulates transactions through real programs. An ITF creates fictitious files in the database with test transactions processed simultaneously with live input. Parallel simulation is the production of data processed using computer programs that simulate application program logic.

CISA Question 545

Question

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

A. validation controls.
B. internal credibility checks.
C. clerical control procedures.
D. automated systems balancing.

Answer

D. automated systems balancing.

Explanation

Automated systems balancing would be the best way to ensure that no transactions are lost as any imbalance between total inputs and total outputs would be reported for investigation and correction. Validation controls and internal credibility checks are certainly valid controls, but will not detect and report lost transactions. In addition, although a clerical procedure could be used to summarize and compare inputs and outputs, an automated process is less susceptible to error.

CISA Question 546

Question

Functional acknowledgements are used:

A. as an audit trail for EDI transactions.
B. to functionally describe the IS department.
C. to document user roles and responsibilities.
D. as a functional description of application software.

Answer

A. as an audit trail for EDI transactions.

Explanation

Functional acknowledgements are standard EDI transactions that tell trading partners that their electronic documents were received. Different types of functional acknowledgments provide various levels of detail and, therefore, can act as an audit trail for EDI transactions. The other choices are not relevant to the description of functional acknowledgements.

CISA Question 547

Question

To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is:

A. during data preparation.
B. in transit to the computer.
C. between related computer runs.
D. during the return of the data to the user department.

Answer

A. during data preparation.

Explanation

During data preparation is the best answer, because it establishes control at the earliest point.

CISA Question 548

Question

The editing/validation of data entered at a remote site would be performed MOST effectively at the:

A. central processing site after running the application system.
B. central processing sire during the running of the application system.
C. remote processing site after transmission of the data to the central processing site.
D. remote processing site prior to transmission of the data to the central processing site.

Answer

D. remote processing site prior to transmission of the data to the central processing site.

Explanation

It is important that the data entered from a remote site is edited and validated prior to transmission to the central processing site.

CISA Question 549

Question

Information for detecting unauthorized input from a terminal would be BEST provided by the:

A. console log printout.
B. transaction journal.
C. automated suspense file listing.
D. user error report.

Answer

B. transaction journal.

Explanation

The transaction journal would record all transaction activity, which then could be compared to the authorized source documents to identify any unauthorized input.
A console log printout is not the best, because it would not record activity from a specific terminal. An automated suspense file listing would only list transaction activity where an edit error occurred, while the user error report would only list input that resulted in an edit error.

CISA Question 550

Question

Before implementing controls, management should FIRST ensure that the controls:

A. satisfy a requirement in addressing a risk issue.
B. do not reduce productivity.
C. are based on a cost-benefit analysis.
D. are detective or corrective.

Answer

A. satisfy a requirement in addressing a risk issue.

Explanation

When designing controls, it is necessary to consider all the above aspects. In an ideal situation, controls that address all these aspects would be the best controls.
Realistically, it may not be possible to design them all and cost may be prohibitive; therefore, it is necessary to first consider the preventive controls that attack the cause of a threat.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker