Download New Updated (July) Isaca CISA Actual Test 411-420


 

QUESTION 411

A benefit of open system architecture is that it:

 

A. facilitates interoperability.

B. facilitates the integration of proprietary components.

C. will be a basis for volume discounts from equipment vendors.

D. allows for the achievement of more economies of scale for equipment.

 

Correct Answer: A

Explanation:

Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers’ systems cannot or will not interface with existing systems.

 

 

QUESTION 412

Which of the following would an IS auditor consider to be the MOST important when evaluating an organization’s IS strategy? That it:

 

A. has been approved by line management.

B. does not vary from the IS department’s preliminary budget.

C. complies with procurement procedures.

D. supports the business objectives of the organization.

 

Correct Answer: D

Explanation:

Strategic planning sets corporate or department objectives into motion. Both long-term and short-term strategic plans should be consistent with the organization’s broader plans and business objectives for attaining these goals. Choice A is incorrect since line management prepared the plans.

 

 

QUESTION 413

Which of the following is the PRIMARY objective of an IT performance measurement process?

 

A. Minimize errors

B. Gather performance data

C. Establish performance baselines

D. Optimize performance

 

Correct Answer: D

Explanation:

An IT performance measurement process can be used to optimize performance, measure and manage products/services, assure accountability and make budget decisions. Minimizing errors is an aspect of performance, but not the primary objective of performance management. Gathering performance data is a phase of the IT measurement process and would be used to evaluate the performance against previously established performance baselines.

 

 

QUESTION 414

With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?

 

A. Outsourced activities are core and provide a differentiated advantage to the organization.

B. Periodic renegotiation is specified in the outsourcing contract.

C. The outsourcing contract fails to cover every action required by the arrangement.

D. Similar activities are outsourced to more than one vendor.

 

Correct Answer: A

Explanation:

An organization’s core activities generally should not be outsourced, because they are what the organization does best; an IS auditor observing that should be concerned. An IS auditor should not be concerned about the other conditions because specification of periodic renegotiation in the outsourcing contract is a best practice. Outsourcing contracts cannot be expected to cover every action and detail expected of the parties involved, while multisourcing is an acceptable way to reduce risk.

 

 

QUESTION 415

Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

 

A. Deleting database activity logs

B. Implementing database optimization tools

C. Monitoring database usage

D. Defining backup and recovery procedures

 

Correct Answer: A

Explanation:

Since database activity logs record activities performed by the database administrator (DBA), deleting them should be performed by an individual other than the DBA. This is a compensating control to aid in ensuring an appropriate segregation of duties and is associated with the DBA’s role. A DBA should perform the other activities as part of the normal operations.

 

 

QUESTION 416

To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?

 

A. O/S and hardware refresh frequencies

B. Gain-sharing performance bonuses

C. Penalties for noncompliance

D. Charges tied to variable cost metrics

 

Correct Answer: B

Explanation:

Because the outsourcer will share a percentage of the achieved savings, gain-sharing performance bonuses provide a financial incentive to go above and beyond the stated terms of the contract and can lead to cost savings for the client. Refresh frequencies and penalties for noncompliance would only encourage the outsourcer to meet minimum requirements. Similarly, tying charges to variable cost metrics would not encourage the outsourcer to seek additional efficiencies that might benefit the client.

 

 

QUESTION 417

An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:

 

A. report that the control is operating effectively since deactivation happens within the time frame stated in the IS policy.

B. verify that user access rights have been granted on a need-to-have basis.

C. recommend changes to the IS policy to ensure deactivation of user IDs upon termination.

D. recommend that activity logs of terminated users be reviewed on a regular basis.

 

Correct Answer: C

Explanation:

Although a policy provides a reference for performing IS audit assignments, an IS auditor needs to review the adequacy and the appropriateness of the policy. If, in the opinion of the auditor, the time frame defined for deactivation is inappropriate, the auditor needs to communicate this to management and recommend changes to the policy. Though the deactivation happens as stated in the policy, it cannot be concluded that the control is effective. Best practice would require that the ID of a terminated user be deactivated immediately. Verifying that user access rights have been granted on a need-to-have basis is necessary when permissions are granted. Recommending that activity logs of terminated users be reviewed on a regular basis is a good practice, but not as effective as deactivation upon termination.

 

 

QUESTION 418

Which of the following BEST supports the prioritization of new IT projects?

 

A. Internal control self-assessment (CSA)

B. Information systems audit

C. Investment portfolio analysis

D. Business risk assessment

 

Correct Answer: C

Explanation:

It is most desirable to conduct an investment portfolio analysis, which will present not only a clear focus on investment strategy, but will provide the rationale for terminating nonperforming IT projects. Internal control self-assessment (CSA) may highlight noncompliance to the current policy, but may not necessarily be the best source for driving the prioritization of IT projects. Like internal CSA, IS audits may provide only part of the picture for the prioritization of IT projects. Business risk analysis is part of the investment portfolio analysis but, by itself, is not the best method for prioritizing new IT projects.

 

 

QUESTION 419

Effective IT governance requires organizational structures and processes to ensure that:

 

A. the organization’s strategies and objectives extend the IT strategy.

B. the business strategy is derived from an IT strategy.

C. IT governance is separate and distinct from the overall governance.

D. the IT strategy extends the organization’s strategies and objectives.

 

Correct Answer: D

Explanation:

Effective IT governance requires that board and executive management extend governance to IT and provide the leadership, organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives, and that the strategy is aligned with business strategy. Choice A is incorrect because it is the IT strategy that extends the organizational objectives, not the opposite. IT governance is not an isolated discipline; it must become an integral part of the overall enterprise governance.

 

 

QUESTION 420

In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether:

 

A. there is an integration of IS and business staffs within projects.

B. there is a clear definition of the IS mission and vision.

C. a strategic information technology planning methodology is in place.

D. the plan correlates business objectives to IS goals and objectives.

 

Correct Answer: A

Explanation:

The integration of IS and business staff in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan would provide a framework for the IS short-range plan. Choices B, C and D are areas covered by a strategic plan.

 
