
Isaca Exam CISA Certified Information Systems Auditor Version: Demo

[ Total Questions: 10 ]

Isaca CISA : Braindumps Questions

Topic 2, IS AUDIT PROCESS (80 PRACTICE QUESTIONS)

Question No : 1 - (Topic 2)
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?
A. Design further tests of the calculations that are in error.
B. Identify variables that may have caused the test results to be inaccurate.
C. Examine some of the test cases to confirm the results.
D. Document the results and prepare a report of findings, conclusions and recommendations.
Answer: C
Explanation: An IS auditor should next examine the cases where incorrect calculations occurred and confirm the results. After the calculations have been confirmed, further tests can be conducted and reviewed. Report preparation, findings and recommendations would not be made until all results are confirmed.


Question No : 2 - (Topic 3)
Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?
A. Ensuring that invoices are paid to the provider
B. Participating in systems design with the provider
C. Renegotiating the provider's fees
D. Monitoring the outsourcing provider's performance
Answer: D
Explanation: In an outsourcing environment, the company is dependent on the performance of the service provider. Therefore, it is critical that the outsourcing provider's performance be monitored to ensure that services are delivered to the company as required. Payment of invoices is a finance function, which would be completed per contractual requirements. Participating in systems design is a byproduct of monitoring the outsourcing provider's performance, while renegotiating fees is usually a one-time activity.

Question No : 3 - (Topic 3)
An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets.
B. analyze the technical and organizational vulnerabilities.
C. identify and rank the information assets.
D. evaluate the effect of a potential security breach.
Answer: C
Explanation: Identification and ranking of information assets (e.g., data criticality, locations of assets) will set the tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organization's assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in the absence of the given controls, would impact the organization's information assets.


Question No : 4 - (Topic 4)
The specific advantage of white box testing is that it:
A. verifies a program can operate successfully with other parts of the system.
B. ensures a program's functional operating effectiveness without regard to the internal program structure.
C. determines procedural accuracy or conditions of a program's specific logic paths.
D. examines a program's functionality by executing it in a tightly controlled or virtual environment with restricted access to the host system.
Answer: C
Explanation: White box testing assesses the effectiveness of software program logic. Specifically, test data are used in determining procedural accuracy or conditions of a program's logic paths. Verifying that the program can operate successfully with other parts of the system is sociability testing. Testing the program's functionality without knowledge of internal structures is black box testing. Controlled testing of programs in a semi-debugged environment, either heavily controlled step-by-step or via monitoring in virtual machines, is sandbox testing.

Question No : 5 - (Topic 4)
When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?
A. The project budget
B. The critical path for the project
C. The length of the remaining tasks
D. The personnel assigned to other tasks
Answer: B
Explanation: Since adding resources may change the route of the critical path, the critical path must be reevaluated to ensure that additional resources will in fact shorten the project duration. Given that there may be slack time available on some of the other tasks not on the critical path, factors such as the project budget, the length of other tasks and the personnel assigned to them may or may not be affected.


Question No : 6 - (Topic 5)
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes are implemented
D. Access controls to prevent the operator from making program modifications
Answer: C
Explanation: While it would be preferred that strict separation of duties be adhered to and that additional staff be recruited as suggested in choice B, this practice is not always possible in small organizations. An IS auditor must look at recommended alternative processes. Of the choices, C is the only practical one that has an impact. An IS auditor should recommend processes that detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. Choice A, involving logging of changes to development libraries, would not detect changes to production libraries. Choice D is in effect requiring a third party to do the changes, which may not be practical in a small organization.


Question No : 7 - (Topic 6)
Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?
A. Palm scan
B. Face recognition
C. Retina scan
D. Hand geometry
Answer: C
Explanation: Retina scan uses optical technology to map the capillary pattern of an eye's retina. This is highly reliable and has the lowest false-acceptance rate (FAR) among the current biometric methods. Use of palm scanning entails placing a hand on a scanner where a palm's physical characteristics are captured. Hand geometry, one of the oldest techniques, measures the physical characteristics of the user's hands and fingers from a three-dimensional perspective. The palm and hand biometric techniques lack uniqueness in the geometry data. In face biometrics, a reader analyzes the images captured for general facial characteristics. Though considered a natural and friendly biometric, the main disadvantage of face recognition is the lack of uniqueness, which means that people who look alike can fool the device.

Question No : 8 - (Topic 6)
Disabling which of the following would make wireless local area networks more secure against unauthorized access?
A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting
Answer: D
Explanation: Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the name of the access point. Disabling MAC address filtering would reduce security. Using MAC filtering makes it more difficult to access a WLAN, because it would be necessary to catch traffic and forge the MAC address. Disabling WPA reduces security. Using WPA adds security by encrypting the traffic. Disabling LEAP reduces security. Using LEAP adds security by encrypting the wireless traffic.

Question No : 9 - (Topic 6)
Which of the following is the MOST effective type of antivirus software?
A. Scanners
B. Active monitors
C. Integrity checkers
D. Vaccines
Answer: C
Explanation: Integrity checkers compute a binary number on a known virus-free program that is then stored in a database file. This number is called a cyclical redundancy check (CRC). When that program is called to execute, the checker computes the CRC on the program about to be executed and compares it to the number in the database. A match means no infection; a mismatch means that a change in the program has occurred. A change in the program could mean a virus. Scanners look for sequences of bits called signatures that are typical of virus programs. They examine memory, disk boot sectors, executables and command files for bit patterns that match a known virus. Therefore, scanners need to be updated periodically to remain effective. Active monitors interpret DOS and ROM basic input-output system (BIOS) calls, looking for virus-like actions. Active monitors can be misleading, because they cannot distinguish between a user request and a program or virus request. As a result, users are asked to confirm actions like formatting a disk or deleting a file or set of files. Vaccines are known to be good antivirus software. However, they also need to be updated periodically to remain effective.

Topic 8, Mixed Questions

Question No : 10 - (Topic 8)
Why is it not preferable for a firewall to treat each network frame or packet in isolation?
A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
B. Such a firewall is costly to set up.
C. Such a firewall is too complicated to maintain.
D. Such a firewall is CPU hungry.
E. Such a firewall offers poor compatibility.
F. None of the choices.
Answer: A
Explanation: A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

