10 tips on How to CISA Test Like a Badass [271 to 280]


2016 Jul CISA download

Q271. - (Topic 1) 

The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n): 

A. Implementor 

B. Facilitator 

C. Developer 

D. Sponsor 

Answer: B 

Explanation: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator. 

Q272. - (Topic 3) 

From a control perspective, the key element in job descriptions is that they: 

A. provide instructions on how to do the job and define authority. 

B. are current, documented and readily available to the employee. 

C. communicate management's specific job performance expectations. 

D. establish responsibility and accountability for the employee's actions. 

Answer: D 

Explanation: From a control perspective, a job description should establish responsibility and accountability. This will aid in ensuring that users are given system access in accordance with their defined job responsibilities. The other choices are not directly related to controls. Providing instructions on how to do the job and defining authority addresses the managerial and procedural aspects of the job. It is important that job descriptions are current, documented and readily available to the employee, but this in itself is not a control. Communication of management's specific expectations for job performance outlines the standard of performance and would not necessarily include controls. 

Q273. - (Topic 3) 

A poor choice of passwords and transmission over unprotected communications lines are examples of: 

A. vulnerabilities. 

B. threats. 

C. probabilities. 

D. impacts. 

Answer: A 

Explanation: Vulnerabilities represent characteristics of information resources that may be exploited by a threat. Threats are circumstances or events with the potential to cause harm to information resources. Probabilities represent the likelihood of the occurrence of a threat, while impacts represent the outcome or result of a threat exploiting a vulnerability. 

Q274. - (Topic 1) 

How is the risk of improper file access affected upon implementing a database system? 

A. Risk varies. 

B. Risk is reduced. 

C. Risk is not affected. 

D. Risk is increased. 

Answer: D 

Explanation: Improper file access becomes a greater risk when implementing a database system. 

Q275. - (Topic 2) 

During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to: 

A. address audit objectives. 

B. collect sufficient evidence. 

C. specify appropriate tests. 

D. minimize audit resources. 

Answer: A 

Explanation: ISACA auditing standards require that an IS auditor plan the audit work to address the audit objectives. Choice B is incorrect because the auditor does not collect evidence in the planning stage of an audit. Choices C and D are incorrect because they are not the primary goals of audit planning. The activities described in choices B, C and D are all undertaken to address audit objectives and are thus secondary to choice A. 


Q276. - (Topic 1) 

Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false? 

A. True 

B. False 

Answer: A 

Explanation: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. 

Q277. - (Topic 2) 

The extent to which data will be collected during an IS audit should be determined based on the: 

A. availability of critical and required information. 

B. auditor's familiarity with the circumstances. 

C. auditee's ability to find relevant evidence. 

D. purpose and scope of the audit being done. 

Answer: D 

Explanation: The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope would most likely result in less data collection than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor's familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee's ability to find relevant evidence. 

Q278. - (Topic 2) 

During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should: 

A. ask the auditee to sign a release form accepting full legal responsibility. 

B. elaborate on the significance of the finding and the risks of not correcting it. 

C. report the disagreement to the audit committee for resolution. 

D. accept the auditee's position since they are the process owners. 

Answer: B 

Explanation: If the auditee disagrees with the impact of a finding, it is important for an IS auditor to elaborate and clarify the risks and exposures, as the auditee may not fully appreciate the magnitude of the exposure. The goal should be to enlighten the auditee or uncover new information of which an IS auditor may not have been aware. Anything that appears to threaten the auditee will lessen effective communications and set up an adversarial relationship. By the same token, an IS auditor should not automatically agree just because the auditee expresses an alternate point of view. 

Q279. - (Topic 3) 

When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control? 

A. Restricting physical access to computing equipment 

B. Reviewing transaction and application logs 

C. Performing background checks prior to hiring IT staff 

D. Locking user sessions after a specified period of inactivity 

Answer: B 

Explanation: Only reviewing transaction and application logs directly addresses the threat posed by poor segregation of duties. The review is a means of detecting inappropriate behavior and also discourages abuse, because people who may otherwise be tempted to exploit the situation are aware of the likelihood of being caught. Inadequate segregation of duties is more likely to be exploited via logical access to data and computing resources rather than physical access. Choice C is a useful control to ensure IT staff are trustworthy and competent but does not directly address the lack of an optimal segregation of duties. Choice D acts to prevent unauthorized users from gaining system access, but the issue of a lack of segregation of duties is more the misuse (deliberately or inadvertently) of access privileges that have officially been granted. 

Q280. - (Topic 3) 

An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task? 

A. Report the risks to the CIO and CEO immediately 

B. Examine e-business application in development 

C. Identify threats and likelihood of occurrence 

D. Check the budget available for risk management 

Answer: C 

Explanation: An IS auditor must identify the assets, look for vulnerabilities, and then identify the threats and the likelihood of occurrence. Choices A, B and D should be discussed with the CIO, and a report should be delivered to the CEO. The report should include the findings along with priorities and costs. 
