The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 931
Question
Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?
A. Embedded audit module
B. Integrated test facility
C. Snapshots
D. Audit hooks
Answer
D. Audit hooks
Explanation
The audit hook technique involves embedding code in application systems for the examination of selected transactions. This helps an IS auditor to act before an error or an irregularity gets out of hand. An embedded audit module involves embedding specially-written software in the organization’s host application system so that application systems are monitored on a selective basis. An integrated test facility is used when it is not practical to use test data, and snapshots are used when an audit trail is required.
CISA Question 932
Question
In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
A. Testing whether inappropriate personnel can change application parameters
B. Tracing purchase orders to a computer listing
C. Comparing receiving reports to purchase order details
D. Reviewing the application documentation
Answer
A. Testing whether inappropriate personnel can change application parameters
Explanation
To determine purchase order validity, testing access controls will provide the best evidence. Choices B and C are based on after-the-fact approaches, while choice D does not serve the purpose because what is in the system documentation may not be the same as what is happening.
CISA Question 933
Question
An IS auditor performing a review of an application’s controls would evaluate the:
A. efficiency of the application in meeting the business processes.
B. impact of any exposures discovered.
C. business processes served by the application.
D. application’s optimization.
Answer
B. impact of any exposures discovered.
Explanation
An application control review involves the evaluation of the application’s automated controls and an assessment of any exposures resulting from the control weaknesses. The other choices may be objectives of an application audit but are not part of an audit restricted to a review of controls.
CISA Question 934
Question
The BEST method of proving the accuracy of a system tax calculation is by:
A. detailed visual review and analysis of the source code of the calculation programs.
B. recreating program logic using generalized audit software to calculate monthly totals.
C. preparing simulated transactions for processing and comparing the results to predetermined results.
D. automatic flowcharting and analysis of the source code of the calculation programs.
Answer
C. preparing simulated transactions for processing and comparing the results to predetermined results.
Explanation
Preparing simulated transactions for processing and comparing the results to predetermined results is the best method for proving accuracy of a tax calculation. Detailed visual review, flowcharting and analysis of source code are not effective methods, and monthly totals would not address the accuracy of individual tax calculations.
CISA Question 935
Question
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?
A. Design further tests of the calculations that are in error.
B. Identify variables that may have caused the test results to be inaccurate.
C. Examine some of the test cases to confirm the results.
D. Document the results and prepare a report of findings, conclusions and recommendations.
Answer
C. Examine some of the test cases to confirm the results.
Explanation
An IS auditor should next examine cases where incorrect calculations occurred and confirm the results. After the calculations have been confirmed, further tests can be conducted and reviewed. Report preparation, findings and recommendations would not be made until all results are confirmed.
CISA Question 936
Question
Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and tests the ongoing operation of the system.
D. The need to prepare test data is eliminated.
Answer
B. Periodic testing does not require separate test processes.
Explanation
An integrated test facility creates a fictitious entity in the database to process test transactions simultaneously with live input. Its advantage is that periodic testing does not require separate test processes. However, careful planning is necessary, and test data must be isolated from production data.
CISA Question 937
Question
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
A. evaluate the record retention plans for off-premises storage.
B. interview programmers about the procedures currently being followed.
C. compare utilization records to operations schedules.
D. review data file access records to test the librarian function.
Answer
B. interview programmers about the procedures currently being followed.
Explanation
Asking programmers about the procedures currently being followed is useful in determining whether access to program documentation is restricted to authorized persons. Evaluating the record retention plans for off-premises storage tests the recovery procedures, not the access control over program documentation. Testing utilization records or data files will not address access security over program documentation.
CISA Question 938
Question
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
A. Availability of online network documentation
B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and interuser communications
D. Performance management, audit and control
Answer
A. Availability of online network documentation
Explanation
Network operating system user features include online availability of network documentation. Other features would be user access to various resources of network hosts, user authorization to access particular resources, and the network and host computers used without special user actions or commands. Choices B, C and D are examples of network operating system functions.
CISA Question 939
Question
An IS auditor reviews an organizational chart PRIMARILY for:
A. an understanding of workflows.
B. investigating various communication channels.
C. understanding the responsibilities and authority of individuals.
D. investigating the network connected to different employees.
Answer
C. understanding the responsibilities and authority of individuals.
Explanation
An organizational chart provides information about the responsibilities and authority of individuals in the organization. This helps an IS auditor to know if there is a proper segregation of functions. A workflow chart would provide information about the roles of different employees. A network diagram will provide information about the usage of various communication channels and will indicate the connection of users to the network.
CISA Question 940
Question
Which of the following forms of evidence for the auditor would be considered the MOST reliable?
A. An oral statement from the auditee
B. The results of a test performed by an IS auditor
C. An internally generated computer accounting report
D. A confirmation letter received from an outside source
Answer
D. A confirmation letter received from an outside source
Explanation
Evidence obtained from outside sources is usually more reliable than that obtained from within the organization. Confirmation letters received from outside parties, such as those used to verify accounts receivable balances, are usually highly reliable. Testing performed by an auditor may not be reliable if the auditor did not have a good understanding of the technical area under review.