Download New Updated (July) Isaca CISA Actual Test 461-470

Ensurepass

QUESTION 461

By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

A. reliable products are guaranteed.

B. programmers’ efficiency is improved.

C. security requirements are designed.

D. predictable software processes are followed.

Correct Answer: D

Explanation:

By evaluating the organization’s development projects against the CMM, an IS auditor determines whether the development organization follows a stable, predictable software process. Although the likelihood of success should increase as the software processes mature toward the optimizing level, mature processes do not guarantee a reliable product. CMM does not evaluate technical processes such as programming nor does it evaluate security requirements or other application controls.

QUESTION 462

Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?

A. Accuracy of the source data

B. Credibility of the data source

C. Accuracy of the extraction process

D. Accuracy of the data transformation

Correct Answer: A

Explanation:

Accuracy of source data is a prerequisite for the quality of the data in a data warehouse. Credibility of the data source, accurate extraction processes and accurate transformation routines are all important, but would not change inaccurate data into quality (accurate) data.

QUESTION 463

The GREATEST benefit in implementing an expert system is the:

A. capturing of the knowledge and experience of individuals in an organization.

B. sharing of knowledge in a central repository.

C. enhancement of personnel productivity and performance.

D. reduction of employee turnover in key departments.

Correct Answer: A

Explanation:

The basis for an expert system is the capture and recording of the knowledge and experience of individuals in an organization. Coding and entering the knowledge in a central repository, shareable within the enterprise, is a means of facilitating the expert system. Enhancing personnel productivity and performance is a benefit; however, it is not as important as capturing the knowledge and experience. Employee turnover is not necessarily affected by an expert system.

QUESTION 464

An advantage in using a bottom-up vs. a top-down approach to software testing is that:

A. interface errors are detected earlier.

B. confidence in the system is achieved earlier.

C. errors in critical modules are detected earlier.

D. major functions and processing are tested earlier.

Correct Answer: C

Explanation:

The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and works upward until a complete system testing has taken place. The advantages of using a bottom-up approach to software testing are the fact that there is no need for stubs or drivers and errors in critical modules are found earlier. The other choices in this question all refer to advantages of a top-down approach, which follows the opposite path, either in depth-first or breadth-first search order.

QUESTION 465

A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?

A. Key verification

B. One-for-one checking

C. Manual recalculations

D. Functional acknowledgements

Correct Answer: D

Explanation:

Acting as an audit trail for EDI transactions, functional acknowledgements are one of the main controls used in data mapping. All the other choices are manual input controls, whereas data mapping deals with automatic integration of data in the receiving company.

QUESTION 466

The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:

A. integrity.

B. authenticity.

C. authorization.

D. nonrepudiation.

Correct Answer: A

Explanation:

A checksum calculated on an amount field and included in the EDI communication can be used to identify unauthorized modifications. Authenticity and authorization cannot be established by a checksum alone and need other controls. Nonrepudiation can be ensured by using digital signatures.

QUESTION 467

During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:

A. review access control configuration.

B. evaluate interface testing.

C. review detailed design documentation.

D. evaluate system testing.

Correct Answer: A

Explanation:

Reviewing access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system. Since a postimplementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or detailed design documentation. Evaluating interface testing would be part of the implementation process. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system, since these are usually vendor packages with user manuals. System testing should be performed before final user signoff.

QUESTION 468

Information for detecting unauthorized input from a terminal would be BEST provided by the:

A. console log printout.

B. transaction journal.

C. automated suspense file listing.

D. user error report.

Correct Answer: B

Explanation:

The transaction journal would record all transaction activity, which then could be compared to the authorized source documents to identify any unauthorized input. A console log printout is not the best, because it would not record activity from a specific terminal. An automated suspense file listing would only list transaction activity where an edit error occurred, while the user error report would only list input that resulted in an edit error.

QUESTION 469

At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

A. report the error as a finding and leave further exploration to the auditee’s discretion.

B. attempt to resolve the error.

C. recommend that problem resolution be escalated.

D. ignore the error, as it is not possible to get objective evidence for the software error.

Correct Answer: C

Explanation:

When an IS auditor observes such conditions, it is best to fully apprise the auditee and suggest that further problem resolutions be attempted. Recording it as a minor error and leaving it to the auditee’s discretion would be inappropriate, and neglecting the error would indicate that the auditor has not taken steps to further probe the issue to its logical end.

QUESTION 470

Which of the following is an advantage of prototyping?

A. The finished system normally has strong internal controls.

B. Prototype systems can provide significant time and cost savings.

C. Change control is often less complicated with prototype systems.

D. It ensures that functions or extras are not added to the intended system.

Correct Answer: B
