
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 6

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 571

Question

An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

A. Program evaluation review technique (PERT)
B. Counting source lines of code (SLOC)
C. Function point analysis
D. White box testing

Answer

C. Function point analysis

Explanation

Function point analysis is an indirect method of measuring the size of an application by considering the number and complexity of its inputs, outputs and files. It is useful for evaluating complex applications. PERT is a project management technique that helps with both planning and control. SLOC gives a direct measure of program size, but does not allow for the complexity that may be caused by having multiple, linked modules and a variety of inputs and outputs. White box testing involves a detailed review of the behavior of program code, and is a quality assurance technique suited to simpler applications during the design and build stage of development.

CISA Question 572

Question

Change control for business application systems being developed using prototyping could be complicated by the:

A. iterative nature of prototyping.
B. rapid pace of modifications in requirements and design.
C. emphasis on reports and screens.
D. lack of integrated tools.

Answer

B. rapid pace of modifications in requirements and design.

Explanation

Changes in requirements and design happen so quickly that they are seldom documented or approved. Choices A, C and D are characteristics of prototyping, but they do not have an adverse effect on change control.

CISA Question 573

Question

The reason for establishing a stop or freezing point on the design of a new system is to:

A. prevent further changes to a project in process.
B. indicate the point at which the design is to be completed.
C. require that changes after that point be evaluated for cost-effectiveness.
D. provide the project management team with more control over the project design.

Answer

C. require that changes after that point be evaluated for cost-effectiveness.

Explanation

Projects often have a tendency to expand, especially during the requirements definition phase. This expansion often grows to a point where the originally anticipated cost-benefits are diminished because the cost of the project has increased. When this occurs, it is recommended that the project be stopped or frozen to allow a review of all of the cost-benefits and the payback period.

CISA Question 574

Question

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development

Answer

B. PERT chart

Explanation

A PERT chart will help determine project duration once all the activities and the work involved with those activities are known. Function point analysis is a technique for determining the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries, logical internal files, etc. While this will help determine the size of individual activities, it will not assist in determining project duration since there are many overlapping tasks. Rapid application development is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality, while object-oriented system development is the process of solution specification and modeling.

CISA Question 575

Question

The most common reason for the failure of information systems to meet the needs of users is that:

A. user needs are constantly changing.
B. the growth of user requirements was forecast inaccurately.
C. the hardware system limits the number of concurrent users.
D. user participation in defining the system’s requirements was inadequate.

Answer

D. user participation in defining the system’s requirements was inadequate.

Explanation

Lack of adequate user involvement, especially in the system’s requirements phase, will usually result in a system that does not fully or adequately address the needs of the user. Only users can define what their needs are, and therefore what the system should accomplish.

CISA Question 576

Question

Which of the following risks could result from inadequate software baselining?

A. Scope creep
B. Sign-off delays
C. Software integrity violations
D. Inadequate controls

Answer

A. Scope creep

Explanation

A software baseline is the cut-off point in the design and development of a system beyond which additional requirements or modifications to the design do not or cannot occur without undergoing formal, strict procedures for approval based on a business cost-benefit analysis. Failure to adequately manage the requirements of a system through baselining can result in a number of risks. Foremost among these risks is scope creep, the process through which requirements change during development. Choices C and D may not always result, but choice A is inevitable.

CISA Question 577

Question

Documentation of a business case used in an IT development project should be retained until:

A. the end of the system’s life cycle.
B. the project is approved.
C. user acceptance of the system.
D. the system is in production.

Answer

A. the end of the system’s life cycle.

Explanation

A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates vs. actuals. Questions like “Why do we do that?”, “What was the original intent?” and “How did we perform against the plan?” can be answered, and lessons for developing future business cases can be learned. During the development phase of a project one should always validate the business case, as it is a good management instrument.
After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.

CISA Question 578

Question

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

A. a clear business case has been approved by management.
B. corporate security standards will be met.
C. users will be involved in the implementation plan.
D. the new system will meet all required user functionality.

Answer

A. a clear business case has been approved by management.

Explanation

The first concern of an IS auditor should be to establish that the proposal meets the needs of the business, and this should be established by a clear business case. Although compliance with security standards is essential, as is meeting the needs of the users and having users involved in the implementation process, it is too early in the procurement process for these to be an IS auditor’s first concern.

CISA Question 579

Question

Which of the following is the PRIMARY objective of an IT performance measurement process?

A. Minimize errors
B. Gather performance data
C. Establish performance baselines
D. Optimize performance

Answer

D. Optimize performance

Explanation

An IT performance measurement process can be used to optimize performance, measure and manage products/services, assure accountability and make budget decisions. Minimizing errors is an aspect of performance, but not the primary objective of performance management.
Gathering performance data is a phase of the IT measurement process and would be used to evaluate the performance against previously established performance baselines.

CISA Question 580

Question

Before implementing an IT balanced scorecard, an organization must:

A. deliver effective and efficient services.
B. define key performance indicators.
C. provide business value to IT projects.
D. control IT expenses.

Answer

B. define key performance indicators.

Explanation

A definition of key performance indicators is required before implementing an IT balanced scorecard. Choices A, C and D are objectives.
