Download New Updated (July) Isaca CISA Actual Test 431-440

Ensurepass


QUESTION 431

Following best practices, formal plans for implementation of new information systems are developed during the:

A. development phase.
B. design phase.
C. testing phase.
D. deployment phase.

Correct Answer: B

Explanation:

Planning for implementation should begin well in advance of the actual implementation date. A formal implementation plan should be constructed in the design phase and revised as the development progresses.


QUESTION 432

In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:

A. isolation.
B. consistency.
C. atomicity.
D. durability.

Correct Answer: C

Explanation:

The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out. Consistency ensures that all integrity conditions in the database be maintained with each transaction. Isolation ensures that each transaction is isolated from other transactions; hence, each transaction only accesses data that are part of a consistent database state. Durability ensures that, when a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.


QUESTION 433

The most common reason for the failure of information systems to meet the needs of users is that:

A. user needs are constantly changing.
B. the growth of user requirements was forecast inaccurately.
C. the hardware system limits the number of concurrent users.
D. user participation in defining the system’s requirements was inadequate.

Correct Answer: D

Explanation:

Lack of adequate user involvement, especially in the system’s requirements phase, will usually result in a system that does not fully or adequately address the needs of the user. Only users can define what their needs are, and therefore what the system should accomplish.


QUESTION 434

During the system testing phase of an application development project the IS auditor should review the:

A. conceptual design specifications.
B. vendor contract.
C. error reports.
D. program change requests.

Correct Answer: C

Explanation:

Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data, and review the procedures for resolving errors. A conceptual design specification is a document prepared during the requirements definition phase. A vendor contract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the post-implementation phase.


QUESTION 435

When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

A. not be concerned since there may be other compensating controls to mitigate the risks.
B. ensure that overrides are automatically logged and subject to review.
C. verify whether all such overrides are referred to senior management for approval.
D. recommend that overrides not be permitted.

Correct Answer: B

Explanation:

If input procedures allow overrides of data validation and editing, automatic logging should occur. A management individual who did not initiate the override should review this log. An IS auditor should not assume that compensating controls exist. As long as the overrides are policy-compliant, there is no need for senior management approval or a blanket prohibition.


QUESTION 436

A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

A. validation controls.
B. internal credibility checks.
C. clerical control procedures.
D. automated systems balancing.

Correct Answer: D

Explanation:

Automated systems balancing would be the best way to ensure that no transactions are lost, as any imbalance between total inputs and total outputs would be reported for investigation and correction. Validation controls and internal credibility checks are certainly valid controls, but will not detect and report lost transactions. In addition, although a clerical procedure could be used to summarize and compare inputs and outputs, an automated process is less susceptible to error.


QUESTION 437

Which of the following should be included in a feasibility study for a project to implement an EDI process?

A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement

Correct Answer: C

Explanation:

Encryption algorithms, third-party agreements and internal control procedures are too detailed for this phase. They would only be outlined and any cost or performance implications shown. The communications protocols must be included, as there may be significant cost implications if new hardware and software are involved, and risk implications if the technology is new to the organization.


QUESTION 438

An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management, the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:

A. review the integrity of system access controls.
B. accept management’s statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.

Correct Answer: C

Explanation:

Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated, or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed; intelligent design should permit additional detective and corrective controls to be established that don’t have high ongoing costs, e.g., automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective access controls are, in themselves, a positive but, for the reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive. The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and to work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur.


QUESTION 439

When using an integrated test facility (ITF), an IS auditor should ensure that:

A. production data are used for testing.
B. test data are isolated from production data.
C. a test data generator is used.
D. master files are updated with the test data.

Correct Answer: B

Explanation:

An integrated test facility (ITF) creates a fictitious file in the database, allowing test transactions to be processed simultaneously with live data. While this ensures that periodic testing does not require a separate test process, there is a need to isolate test data from production data. An IS auditor is not required to use production data or a test data generator. Production master files should not be updated with test data.


QUESTION 440

Which of the following system and data conversion strategies provides the GREATEST redundancy?

A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run

Correct Answer: D

Explanation:

Parallel runs are the safest, though the most expensive, approach, because both the old and new systems are run, thus incurring what might appear to be double costs. Direct cutover is actually quite risky, since it does not provide for a ‘shake down period’, nor does it provide an easy fallback option. Both a pilot study and a phased approach are performed incrementally, making rollback procedures difficult to execute.
