Download New Updated (July) Isaca CISA Actual Test 531-540

Ensurepass

 

QUESTION 531

A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor’s main concern about the new process?

 

A. Whether key controls are in place to protect assets and information resources

B. If the system addresses corporate customer requirements

C. Whether the system can meet the performance goals (time and resources)

D. Whether owners have been identified who will be responsible for the process

 

Correct Answer: A

Explanation:

The audit team must advocate the inclusion of the key controls and verify that the controls are in place before implementing the new process. Choices B, C and D are objectives that the business process reengineering (BPR) process should achieve, but they are not the auditor’s primary concern.

 

 

QUESTION 532

Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?

 

A. Develop a baseline and monitor system usage.

B. Define alternate processing procedures.

C. Prepare the maintenance manual.

D. Implement the changes users have suggested.

 

Correct Answer: A

Explanation:

An IS auditor should recommend the development of a performance baseline and monitor the system’s performance against the baseline, to develop empirical data upon which decisions for modifying the system can be made. Alternate processing procedures and a maintenance manual will not alter a system’s performance. Implementing changes without knowledge of the cause(s) for the perceived poor performance may not result in a more efficient system.

 

 

QUESTION 533

Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

 

A. Intrusion detection systems

B. Data mining techniques

C. Firewalls

D. Packet filtering routers

 

Correct Answer: B

Explanation:

Data mining is a technique used to detect trends or patterns of transactions or data. If the historical pattern of charges against a credit card account is changed, then it is a flag that the transaction may have resulted from a fraudulent use of the card.

 

 

 

 

QUESTION 534

When implementing an application software package, which of the following presents the GREATEST risk?

 

A. Uncontrolled multiple software versions

B. Source programs that are not synchronized with object code

C. Incorrectly set parameters

D. Programming errors

 

Correct Answer: C

Explanation:

Parameters that are not set correctly would be the greatest concern when implementing an application software package. The other choices, though important, are a concern of the provider, not the organization that is implementing the software itself.

 

 

QUESTION 535

Which of the following data validation edits is effective in detecting transposition and transcription errors?

 

A. Range check

B. Check digit

C. Validity check

D. Duplicate check

 

Correct Answer: B

Explanation:

A check digit is a numeric value that is calculated mathematically and is appended to data to ensure that the original data have not been altered, e.g., an incorrect, but valid, value substituted for the original. This control is effective in detecting transposition and transcription errors. A range check is checking data that matches a predetermined range of values. A validity check is programmed checking of the data validity in accordance with predetermined criteria. In a duplicate check, new or fresh transactions are matched to those previously entered to ensure that they are not already in the system.

 

 

QUESTION 536

What process uses test data as part of a comprehensive test of program controls in a continuous online manner?

 

A. Test data/deck

B. Base-case system evaluation

C. Integrated test facility (ITF)

D. Parallel simulation

 

Correct Answer: B

Explanation:

A base-case system evaluation uses test data sets developed as part of comprehensive testing programs; it is used to verify correct systems operations before acceptance, as well as periodic validation. Test data/deck simulates transactions through real programs. An ITF creates fictitious files in the database with test transactions processed simultaneously with live input. Parallel simulation is the production of data processed using computer programs that simulate application program logic.

 

QUESTION 537

An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

 

A. check to ensure that the type of transaction is valid for the card type.

B. verify the format of the number entered then locate it on the database.

C. ensure that the transaction entered is within the cardholder’s credit limit.

D. confirm that the card is not shown as lost or stolen on the master file.

 

Correct Answer: B

Explanation:

The initial validation should confirm whether the card is valid. This validity is established through the card number and PIN entered by the user. Based on this initial validation, all other validations will proceed. A validation control in data capture will ensure that the data entered is valid (i.e., it can be processed by the system). If the data captured in the initial validation is not valid (if the card number or PIN do not match with the database), then the card will be rejected or captured per the controls in place. Once initial validation is completed, then other validations specific to the card and cardholder would be performed.

 

 

QUESTION 538

Which of the following would help to ensure the portability of an application connected to a database?

 

A. Verification of database import and export procedures

B. Usage of a structured query language (SQL)

C. Analysis of stored procedures/triggers

D. Synchronization of the entity-relation model with the database physical schema

 

Correct Answer: B

Explanation:

The use of SQL facilitates portability. Verification of import and export procedures with other systems ensures better interfacing with other systems, analyzing stored procedures/triggers ensures proper access/performance, and reviewing the design entity-relation model will be helpful, but none of these contribute to the portability of an application connecting to a database.

 

 

QUESTION 539

Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

 

A. Increase the time allocated for system testing

B. Implement formal software inspections

C. Increase the development staff

D. Require the sign-off of all project deliverables

 

Correct Answer: B

Explanation:

Inspections of code and design are a proven software quality technique. An advantage of this approach is that defects are identified before they propagate through the development life cycle. This reduces the cost of correction as less rework is involved. Allowing more time for testing may discover more defects; however, little is revealed as to why the quality problems are occurring and the cost of the extra testing, and the cost of rectifying the defects found will be greater than if they had been discovered earlier in the development process. The ability of the development staff can have a bearing on the quality of what is produced; however, replacing staff can be expensive and disruptive, and the presence of a competent staff cannot guarantee quality in the absence of effective quality management processes. Sign-off of deliverables may help detect defects if signatories are diligent about reviewing deliverable content; however, this is difficult to enforce. Deliverable reviews normally do not go down to the same level of detail as software inspections.

 

 

QUESTION 540

The MAIN purpose of a transaction audit trail is to:

 

A. reduce the use of storage media.

B. determine accountability and responsibility for processed transactions.

C. help an IS auditor trace transactions.

D. provide useful information for capacity planning.

 

Correct Answer: B

Explanation:

Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

 
