2016 Jul CISA practice test
Q231. - (Topic 1)
Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
Explanation: Database snapshots can provide an excellent audit trail for an IS auditor.
Q232. - (Topic 3)
An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:
A. documentation of staff background checks.
B. independent audit reports or full audit access.
C. reporting the year-to-year incremental cost reductions.
D. reporting staff turnover, development or training.
When the functions of an IS department are outsourced, an IS auditor should ensure that a provision is made for independent audit reports that cover all essential areas, or that the outsourcer has full audit access. Although it is necessary to document the fact that background checks are performed, this is not as important as provisions for audits. Financial measures such as year-to-year incremental cost reductions are desirable to have in a service level agreement (SLA); however, cost reductions are not as important as the availability of independent audit reports or full audit access. An SLA might include human relationship measures such as resource planning, staff turnover, development or training, but this is not as important as the requirements for independent reports or full audit access by the outsourcing organization.
Q233. - (Topic 4)
What process uses test data as part of a comprehensive test of program controls in a continuous online manner?
A. Test data/deck
B. Base-case system evaluation
C. Integrated test facility (ITF)
D. Parallel simulation
A base-case system evaluation uses test data sets developed as part of comprehensive testing programs; it is used to verify correct systems operation before acceptance, as well as for periodic validation. Test data/deck simulates transactions through real programs. An ITF creates fictitious files in the database, with test transactions processed simultaneously with live input. Parallel simulation is the production of data processed using computer programs that simulate application program logic.
Q234. - (Topic 2)
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:
A. information assets are overprotected.
B. a basic level of protection is applied regardless of asset value.
C. appropriate levels of protection are applied to information assets.
D. an equal proportion of resources are devoted to protecting all information assets.
Full risk assessment determines the level of protection most appropriate to a given level of risk, while the baseline approach merely applies a standard set of protection regardless of risk. There is a cost advantage in not overprotecting information. However, an even bigger advantage is making sure that no information assets are over- or underprotected. The risk assessment approach ensures that an appropriate level of protection is applied, commensurate with the level of risk and, therefore, with asset value. The baseline approach directs resources equally to all assets and does not allow more resources to be directed toward the assets at greater risk.
Q235. - (Topic 4)
Which of the following is the PRIMARY purpose for conducting parallel testing?
A. To determine if the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements
The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements. Parallel testing may show that the old system is, in fact, better than the new system, but this is not the primary reason. Unit and system testing are completed before parallel testing. Program interfaces with files are tested for errors during system testing.
Q236. - (Topic 2)
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available.
B. Access controls establish accountability for e-mail activity.
C. Data classification regulates what information should be communicated via e-mail.
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
Documents that supposedly have been deleted can be recovered from backup files. Access controls may help establish accountability for the issuance of a particular document, but this does not provide evidence of the e-mail. Data classification standards may be in place with regard to what should be communicated via e-mail, but the creation of the policy does not provide the information required for litigation purposes.
Q237. - (Topic 1)
Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization's data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject's requirements
Explanation: Logical access controls should be reviewed to ensure that access is granted on a least-privilege basis, per the organization's data owners.
Q238. - (Topic 1)
What often results in project scope creep when functional requirements are not defined as well as they could be?
A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays
Explanation: Inadequate software baselining often results in project scope creep because functional requirements are not defined as well as they could be.
Q239. - (Topic 1)
What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
A. Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization
Explanation: When implementing continuous-monitoring systems, an IS auditor's first step is to identify high-risk areas within the organization.
Q240. - (Topic 2)
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A. controls needed to mitigate risks are in place.
B. vulnerabilities and threats are identified.
C. audit risks are considered.
D. a gap analysis is appropriate.
In developing a risk-based audit strategy, it is critical that the risks and vulnerabilities be understood. This will determine the areas to be audited and the extent of coverage. Understanding whether appropriate controls required to mitigate risks are in place is a resultant effect of an audit. Audit risks are inherent aspects of auditing, are directly related to the audit process and are not relevant to the risk analysis of the environment to be audited. A gap analysis would normally be done to compare the actual state to an expected or desirable state.