CISA pdf(311 to 320) for consumer: Jul 2016 Edition

Exam Code: CISA (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Isaca CISA
Certification Provider: Isaca

2016 Jul CISA exams

Q311. - (Topic 4) 

Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the: 

A. existence of a set of functions and their specified properties. 

B. ability of the software to be transferred from one environment to another. 

C. capability of software to maintain its level of performance under stated conditions. 

D. relationship between the performance of the software and the amount of resources used. 

Answer: A 

Explanation: 

Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Choice B refers to portability, choice C refers to reliability and choice D refers to efficiency. 


Q312. - (Topic 1) 

Which of the following best characterizes "worms"? 

A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email 

B. Programming code errors that cause a program to repeatedly dump data 

C. Malicious programs that require the aid of a carrier program such as email 

D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents 

Answer: A 

Explanation: Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email. 


Q313. - (Topic 1) 

How does the SSL network protocol provide confidentiality? 

A. Through symmetric encryption such as RSA 

B. Through asymmetric encryption such as Data Encryption Standard, or DES 

C. Through asymmetric encryption such as Advanced Encryption Standard, or AES 

D. Through symmetric encryption such as Data Encryption Standard, or DES 

Answer: D 

Explanation: The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES. 


Q314. - (Topic 1) 

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do? Choose the BEST answer. 

A. Lack of IT documentation is not usually material to the controls tested in an IT audit. 

B. The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented. 

C. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented. 

D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented. 

Answer: C 

Explanation: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented. 


Q315. - (Topic 4) 

An appropriate control for ensuring the authenticity of orders received in an EDI application is to: 

A. acknowledge receipt of electronic orders with a confirmation message. 

B. perform reasonableness checks on quantities ordered before filling orders. 

C. verify the identity of senders and determine if orders correspond to contract terms. 

D. encrypt electronic orders. 

Answer: C 

Explanation: 

An electronic data interchange (EDI) system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern. Acknowledging the receipt of electronic orders with a confirming message is good practice but will not authenticate orders from customers. Performing reasonableness checks on quantities ordered before placing orders is a control for ensuring the correctness of the company's orders, not the authenticity of its customers' orders. Encrypting sensitive messages is an appropriate step but does not apply to messages received. 


Q316. - (Topic 1) 

Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer. 

A. Documented routines 

B. Authorized routines 

C. Accepted routines 

D. Approved routines 

Answer: B 

Explanation: Processing controls ensure that data is accurate and complete, and is processed only through authorized routines. 


Q317. - (Topic 1) 

Run-to-run totals can verify data through which stage(s) of application processing? 

A. Initial 

B. Various 

C. Final 

D. Output 

Answer: B 

Explanation: Run-to-run totals can verify data through various stages of application processing. 


Q318. - (Topic 2) 

The PRIMARY purpose of audit trails is to: 

A. improve response time for users. 

B. establish accountability and responsibility for processed transactions. 

C. improve the operational efficiency of the system. 

D. provide useful information to auditors who may wish to track transactions.

Answer: B 

Explanation: 

Enabling audit trails helps in establishing the accountability and responsibility of processed transactions by tracing transactions through the system. The objective of enabling software to provide audit trails is not to improve system efficiency, since it often involves additional processing which may in fact reduce response time for users. Enabling audit trails involves storage and thus occupies disk space. Choice D is also a valid reason; however, it is not the primary reason. 


Q319. - (Topic 1) 

As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence? 

A. The same value. 

B. Greater value. 

C. Lesser value. 

D. Prior audit reports are not relevant. 

Answer: C 

Explanation: Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization's IT process than evidence directly collected. 


Q320. - (Topic 1) 

Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer. 

A. IT strategic plan 

B. Business continuity plan 

C. Business impact analysis 

D. Incident response plan 

Answer: B 

Explanation: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of a business continuity plan. 


