Exam Code: CISA (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Isaca CISA
Certification Provider: Isaca
2016 May CISA Study Guide Questions:
Q191. - (Topic 3)
Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
A. Deleting database activity logs
B. Implementing database optimization tools
C. Monitoring database usage
D. Defining backup and recovery procedures
Since database activity logs record activities performed by the database administrator (DBA), deleting them should be performed by an individual other than the DBA. This is a compensating control to aid in ensuring an appropriate segregation of duties and is associated with the DBA's role. A DBA should perform the other activities as part of the normal operations.
Q192. - (Topic 4)
During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:
A. test the software for compatibility with existing hardware.
B. perform a gap analysis.
C. review the licensing policy.
D. ensure that the procedure had been approved.
In the case of a deviation from the predefined procedures, an IS auditor should first ensure that the procedure followed for acquiring the software is consistent with the business objectives and has been approved by the appropriate authorities. The other choices are not the first actions an IS auditor should take. They are steps that may or may not be taken after determining that the procedure used to acquire the software had been approved.
Q193. - (Topic 1)
Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.
A. Financial reporting
B. Sales reporting
C. Inventory reporting
D. Transaction processing
Explanation: Off-site data storage should be kept synchronized when preparing for the recovery of time-sensitive data such as that resulting from transaction processing.
Q194. - (Topic 1)
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper.
Q195. - (Topic 3)
When an organization is outsourcing its information security function, which of the following should be kept in the organization?
A. Accountability for the corporate security policy
B. Defining the corporate security policy
C. Implementing the corporate security policy
D. Defining security procedures and guidelines
Accountability cannot be transferred to external parties. Choices B, C and D can be performed by outside entities as long as accountability remains within the organization.
Q196. - (Topic 1)
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop customer-specific documentation
A global enterprise product reengineering (EPR) software package can be applied to a business to replace, simplify and improve the quality of IS processing. Documentation is intended to help understand how, why and which solutions have been selected and implemented, and therefore must be specific to the project. Documentation is also intended to support quality assurance and must be comprehensive.
Q197. - (Topic 1)
What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
A. Lack of funding
B. Inadequate user participation during system requirements definition
C. Inadequate senior management participation during system requirements definition
D. Poor IT strategic planning
Explanation: Inadequate user participation during system requirements definition is the most common reason for information systems to fail to meet the needs of users.
Q198. - (Topic 4)
An advantage in using a bottom-up vs. a top-down approach to software testing is that:
A. interface errors are detected earlier.
B. confidence in the system is achieved earlier.
C. errors in critical modules are detected earlier.
D. major functions and processing are tested earlier.
The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and works upward until complete system testing has taken place. The advantages of using a bottom-up approach to software testing are that there is no need for stubs or drivers and that errors in critical modules are found earlier. The other choices in this question all refer to advantages of a top-down approach, which follows the opposite path, either in depth-first or breadth-first search order.
Q199. - (Topic 1)
Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
A. Proper authentication
B. Proper identification AND authentication
C. Proper identification
D. Proper identification, authentication, AND authorization
Explanation: If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.
Q200. - (Topic 3)
Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?
A. Time zone differences could impede communications between IT teams.
B. Telecommunications cost could be much higher in the first year.
C. Privacy laws could prevent cross-border flow of information.
D. Software development may require more detailed specifications.
Privacy laws prohibiting the cross-border flow of personally identifiable information would make it impossible to locate a data warehouse containing customer information in another country. Time zone differences and higher telecommunications costs are more manageable. Software development typically requires more detailed specifications when dealing with offshore operations.