Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 991:

  Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor s BEST recommendation for a compensating control?

  A. Restrict payment authorization to senior staff members
  B. Review payment transaction history.
  C. Require written authorization for all payment transactions.
  D. Reconcile payment transactions with invoices.
  C. Require written authorization for all payment transactions.

  ---

  Explanation

• Question 992:

  A checksum is classified as which type of control?

  A. Corrective control
  B. Administrative control
  C. Detective control
  D. Preventive control
  D. Preventive control

  ---

  Explanation

• Question 993:

  A transaction processing system interfaces with the general ledger. Data analytics has identified that some transactions are being recorded twice in the general ledger. While management states a system fix has been implemented, what should the IS auditor recommend to validate the interface is working in the future?

  A. Perform periodic reconciliations.
  B. Ensure system owner sign-off for the system fix.
  C. Conduct functional testing.
  D. Improve user acceptance testing (UAT).
  A. Perform periodic reconciliations.

  ---

  Explanation

  A transaction processing system (TPS) is a system that captures, processes, and stores data related to business transactions1. A general ledger is a system that records the financial transactions of an organization in different accounts2. An interface is a connection point between two systems that allows data exchange3. A system fix is a change or update to a system that resolves a problem or improves its functionality4. The IS auditor should recommend to perform periodic reconciliations to validate the interface between the TPS and the general ledger is working in the future. A reconciliation is a process of comparing and verifying the data in two systems to ensure accuracy and consistency1. By performing periodic reconciliations, the IS auditor can detect and correct any errors or discrepancies in the data, such as duplicate transactions, missing transactions, or incorrect amounts. This way, the IS auditor can ensure the reliability and integrity of the financial data in both systems. The other options are not as effective as periodic reconciliations to validate the interface. System owner sign-off for the system fix is a form of approval that indicates the system owner agrees with the change and its expected outcome4. However, this does not guarantee that the system fix will work as intended or prevent future errors. Conducting functional testing is a process of verifying that the system performs its intended functions correctly and meets its requirements. However, this is usually done before or after the system fix is implemented, not on an ongoing basis. Improving user acceptance testing (UAT) is a process of evaluating whether the system meets the needs and expectations of the end users4. However, this is also done before or after the system fix is implemented, not on an ongoing basis. Therefore, option A is the correct answer.

  References: Transaction Interface: Organization, Process, and System Validation of Interfaces - Ensuring Data Integrity and Quality across Systems Oracle Payments Implementation Guide Receiving Transactions Inserted Into Interface Table as BATCH And PENDING Are Not Processed By Receiving Transaction Processor What Is a Transaction Processing System (TPS)? (Plus Types)

• Question 994:

  Which of the following is the PRIMARY advantage of using visualization technology for corporate applications?

  A. Improved disaster recovery
  B. Better utilization of resources
  C. Stronger data security
  D. Increased application performance
  B. Better utilization of resources

  ---

  Explanation

  Visualization technology is the use of software and hardware to create graphical representations of data, such as charts, graphs, maps, images, etc. Visualization technology can help users to understand, analyze, and communicate complex and large amounts of data in an intuitive and engaging way1. One of the primary advantages of using visualization technology for corporate applications is that it can improve the utilization of resources, such as time, money, human capital, and physical assets. Some of the ways that visualization technology can achieve this are: Visualization technology can help users to quickly and easily explore, filter, and interact with data, reducing the need for manual data processing and analysis1. This can save time and effort for both data producers and consumers, and allow them to focus on more value-added tasks. Visualization technology can help users to discover patterns, trends, outliers, correlations, and causations in data that may otherwise be hidden or overlooked in traditional reports or tables1. This can enable users to make better and faster decisions based on data-driven insights, and optimize their strategies and actions accordingly. Visualization technology can help users to communicate and share data more effectively and persuasively with different audiences, such as customers, partners, investors, regulators, etc1. This can enhance the reputation and credibility of the organization, and foster collaboration and innovation among stakeholders. Visualization technology can help users to monitor and measure the performance and impact of their activities, products, services, or processes1. This can help users to identify problems or opportunities for improvement, and adjust their plans or actions accordingly. Visualization technology can help users to create engaging and interactive experiences for their customers or end-users1. This can increase customer satisfaction and loyalty, and generate more revenue or value for the organization. Therefore, using visualization technology for corporate applications can help organizations to better utilize their resources and achieve their goals.

  References: ISACA, CISA Review Manual, 27th Edition, 2019 ISACA, CISA Review Questions, Answers and Explanations Database - 12 Month Subscription TechRadar Blog, Best data visualization tools of 20232 IBM Blog, What is Data Visualization?3 TDWI Blog, Data Visualization Technology4 Tableau Blog, What are the advantages and disadvantages of data visualization?

• Question 995:

  An organization is developing a web portal using some external components. Which of the following should be of MOST concern to an IS auditor?

  A. Some of the developers are located in another country.
  B. The organization has not reviewed the components for known exploits.
  C. Open-source components were integrated during development.
  D. Staff require additional training in order to perform cede review.
  B. The organization has not reviewed the components for known exploits.

  ---

  Explanation

• Question 996:

  During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?

  A. Perform substantive testing of terminated users' access rights.
  B. Perform a review of terminated users' account activity
  C. Communicate risks to the application owner.
  D. Conclude that IT general controls ate ineffective.
  B. Perform a review of terminated users' account activity

  ---

  Explanation

  The IS auditor's next step after determining that many terminated users' accounts were not disabled is to perform a review of terminated users' account activity. This means that the IS auditor should check whether any of the terminated users' accounts were accessed or used after their termination date, which could indicate unauthorized or fraudulent activity. The IS auditor should also assess the impact and risk of such activity on the confidentiality, integrity, and availability of IT resources and data. The other options are not as appropriate as performing a review of terminated users' account activity, as they do not provide sufficient evidence or assurance of the extent and effect of the problem.

  References: CISA Review Manual, 27th Edition, page 240

• Question 997:

  Which of the following technologies is BEST suited to fulfill a business requirement for nonrepudiation of business-to-business transactions with external parties without the need for a mutually trusted entity?

  A. Public key infrastructure (PKI)
  B. Blockchain distributed ledger
  C. Artificial intelligence (Al)
  D. Centralized ledger technology
  B. Blockchain distributed ledger

  ---

  Explanation

  Explanation

• Question 998:

  A staff accountant regularly uploads spreadsheets with inventory levels to the organization's financial reporting system. The transfers are executed through a customized interface created by an in-house developer. Which of the following is MOST important for the IS auditor to confirm during a review of the interface?

  A. The data in the spreadsheet is correctly recorded in the financial system.
  B. The financial system transfers are performed by the accountant at predefined intervals.
  C. The spreadsheets do not contain malware or malicious macros.
  D. The data transfer connection does not support full duplex communication.
  A. The data in the spreadsheet is correctly recorded in the financial system.

  ---

  Explanation

  Explanation

• Question 999:

  An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?

  A. Preserving the same data classifications
  B. Preserving the same data inputs
  C. Preserving the same data structure
  D. Preserving the same data interfaces
  C. Preserving the same data structure

  ---

  Explanation

  The most helpful thing to ensure the integrity of the system throughout the change when moving from one database management system (DBMS) to another is preserving the same data structure. A DBMS is a software system that manages and manipulates data stored in a database, such as creating, updating, querying, deleting, etc. A database is a collection of structured or organized data that can be accessed or manipulated by a DBMS. A data structure is a way of organizing or arranging data in a database, such as tables, columns, rows, keys, indexes, etc. Preserving the same data structure when moving from one DBMS to another can help ensure the integrity of the system throughout the change, by maintaining the consistency and accuracy of data in the database, and avoiding any errors or issues that may arise from incompatible or inconsistent data structures between different DBMSs. Preserving the same data classifications is a possible thing to ensure the integrity of the system throughout the change when moving from one DBMS to another, but it is not the most helpful one. Data classifications are categories or labels that define the level of sensitivity or importance of data in a database, such as public, confidential, secret, etc. Data classifications can help protect the security and privacy of data in the database by applying appropriate controls or restrictions on data access or use based on their classifications. Preserving the same data classifications when moving from one DBMS to another can help ensure the integrity of the system throughout the change by preventing unauthorized or inappropriate access or use of data in the database. However, this may not be directly related to the DBMS change, as it may apply to any data migration or transfer process. Preserving the same data inputs is a possible thing to ensure the integrity of the system throughout the change when moving from one DBMS to another, but it is not the most helpful one. Data inputs are sources or methods that provide data to a database, such as user inputs, sensors, files, etc. Data inputs can affect the quality and validity of data in the database by introducing errors or inconsistencies in data entry or collection. Preserving the same data inputs when moving from one DBMS to another can help ensure the integrity of the system throughout the change by reducing errors or inconsistencies in data input or collection.

• Question 1000:

  During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions. Implementing which of the following would have prevented this situation?

  A. Separation of duties
  B. Multi-factor authentication
  C. Least privilege access
  D. Privileged access reviews
  C. Least privilege access

  ---

  Explanation