Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1511:

  Which of the following is an IS auditor's BEST guidance regarding the use of IT frameworks?

  A. To ensure consistency throughout the organization, management should adopt a single comprehensive framework.
  B. Frameworks provide standards that enable management to benchmark against peer organizations.
  C. Frameworks encourage efficiency, provide a way to measure effectiveness, and allow for improvements
  D. Industry-specific frameworks, when available, are preferred over the more generic comprehensive frameworks.
  C. Frameworks encourage efficiency, provide a way to measure effectiveness, and allow for improvements

  ---

  Explanation

• Question 1512:

  Which of the following property of the core date warehouse layer of an enterprise data flow architecture uses common attributes to access a cross section of an information in the warehouse?

  A. Drill up
  B. Drill down
  C. Drill across
  D. Historical Analysis
  C. Drill across

  ---

  Explanation

  Drill across ?Use common attributes to access a cross section of information in the warehouse such as sum sales across all product lines by customer and group of customers according to length of association with the company.

  For CISA exam you should know below information about business intelligence:

  Business intelligence(BI) is a broad field of IT encompasses the collection and analysis of information to assist decision making and assess organizational performance.

  To deliver effective BI, organizations need to design and implement a data architecture. The complete data architecture consists of two components

  The enterprise data flow architecture (EDFA) A logical data architecture

  Various layers/components of this data flow architecture are as follows:

  Presentation/desktop access layer ?This is where end users directly deal with information. This layer includes familiar desktop tools such as spreadsheets, direct querying tools, reporting and analysis suits offered by vendors such as Congas

  and business objects, and purpose built application such as balanced source cards and digital dashboards.

  Data Source Layer - Enterprise information derives from number of sources:

  Operational data ?Data captured and maintained by an organization's existing systems, and usually held in system-specific database or flat files. External Data ?Data provided to an organization by external sources. This could include data

  such as customer demographic and market share information.

  Nonoperational data ?Information needed by end user that is not currently maintained in a computer accessible format.

  Core data warehouse -This is where all the data of interest to an organization is captured and organized to assist reporting and analysis. DWs are normally instituted as large relational databases. A property constituted DW should support

  three basic form of an inquiry.

  Drilling up and drilling down ?Using dimension of interest to the business, it should be possible to aggregate data as well as drill down. Attributes available at the more granular levels of the warehouse can also be used to refine the analysis.

  Drill across ?Use common attributes to access a cross section of information in the warehouse such as sum sales across all product lines by customer and group of customers according to length of association with the company. Historical

  Analysis ?The warehouse should support this by holding historical, time variant data. An example of historical analysis would be to report monthly store sales and then repeat the analysis using only customer who were preexisting at the start

  of the year in order to separate the effective new customer from the ability to generate repeat business with existing customers.

  Data Mart Layer- Data mart represents subset of information from the core DW selected and organized to meet the needs of a particular business unit or business line. Data mart can be relational databases or some form on-line analytical

  processing (OLAP) data structure.

  Data Staging and quality layer -This layer is responsible for data copying, transformation into DW format and quality control. It is particularly important that only reliable data into core DW. This layer needs to be able to deal with problems

  periodically thrown by operational systems such as change to account number format and reuse of old accounts and customer numbers.

  Data Access Layer -This layer operates to connect the data storage and quality layer with data stores in the data source layer and, in the process, avoiding the need to know to know exactly how these data stores are organized. Technology

  now permits SQL access to data even if it is not stored in a relational database.

  Data Preparation layer -This layer is concerned with the assembly and preparation of data for loading into data marts. The usual practice is to per-calculate the values that are loaded into OLAP data repositories to increase access speed. Data mining is concern with exploring large volume of data to determine patterns and trends of information. Data mining often identifies patterns that are counterintuitive due to number and complexity of data relationships. Data quality needs to be very high to not corrupt the result.

  Metadata repository layer - Metadata are data about data. The information held in metadata layer needs to extend beyond data structure names and formats to provide detail on business purpose and context. The metadata layer should be

  comprehensive in scope, covering data as they flow between the various layers, including documenting transformation and validation rules.

  Warehouse Management Layer -The function of this layer is the scheduling of the tasks necessary to build and maintain the DW and populate data marts. This layer is also involved in administration of security.

  Application messaging layer -This layer is concerned with transporting information between the various layers. In addition to business data, this layer encompasses generation, storage and targeted communication of control messages.

  Internet/Intranet layer ?This layer is concerned with basic data communication. Included here are browser based user interface and TCP/IP networking.

  Various analysis models used by data architects/ analysis follows:

  Activity or swim-lane diagram ?De-construct business processes.

  Entity relationship diagram -Depict data entities and how they relate. These data analysis methods obviously play an important part in developing an enterprise data model. However, it is also crucial that knowledgeable business operative is

  involved in the process. This way proper understanding can be obtained of the business purpose and context of the data. This also mitigates the risk of replication of suboptimal data configuration from existing systems and database into DW.

  The following were incorrect answers:

  Drilling up and drilling down ?Using dimension of interest to the business, it should be possible to aggregate data as well as drill down. Attributes available at the more granular levels of the warehouse can also be used to refine the analysis.

  Historical Analysis ?The warehouse should support this by holding historical, time variant data. An example of historical analysis would be to report monthly store sales and then repeat the analysis using only customer who were preexisting at

  the start of the year in order to separate the effective new customer from the ability to generate repeat business with existing customers.

  CISA review manual 2014 Page number 188

• Question 1513:

  An organization using a cloud provider for its online billing system requires the website to be accessible to customers at all times. What is the BEST way to verify the organization's business requirements are met?

  A. Invoke the right-to-audit clause.
  B. Require the vendor to report any outages longer than five minutes
  C. Monitor the service level agreement (SLA) with the vendor.
  D. Agree on periodic performance discussions with the vendor
  C. Monitor the service level agreement (SLA) with the vendor.

  ---

  Explanation

  Explanation

• Question 1514:

  Hamid needs to shift users from using the application from the existing (Old) system to the replacing (new) system. His manager Lily has suggested he uses an approach in which the newer system is changed over from the older system on a cutoff date and time and the older system is discontinued once the changeover to the new system takes place. Which of the following changeover approach is suggested by Lily?

  A. Parallel changeover
  B. Phased changeover
  C. Abrupt changeover
  D. Pilot changeover
  C. Abrupt changeover

  ---

  Explanation

  In the abrupt changeover approach the newer system is changed over from the older system on a cutoff date and time, and the older system is discontinued once changeover to the new system takes place. Changeover refers to an approach to shift users from using the application from the existing (old) system to the replacing (new) system.

  Changeover to newer system involves four major steps or activities Conversion of files and programs; test running on test bed Installation of new hardware, operating system, application system and the migrated data. Training employees or user in groups Scheduling operations and test running for go-live or changeover

  Some of the risk areas related to changeover includes:

  Asset safeguarding Data integrity System effectiveness Change management challenges Duplicate or missing records

  The following were incorrect answers:

  Parallel changeover ?This technique includes running the old system, then running both the old and new systems in parallel and finally full changing over to the new system after gaining confidence in the working of new system.

  Phased Changeover -In this approach the older system is broken into deliverables modules. Initially, the first module of older system is phased out using the first module of a new system. Then, the second module of the newer system is phased out, using the second module of the newer system and so forth until reaching the last module.

  Pilot changeover ?Not a valid changeover type.

  CISA review manual 2014 Page number 172

• Question 1515:

  An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

  A. Assessment of the personnel training processes of the provider
  B. Adequacy of the service provider's insurance
  C. Review of performance against service level agreements (SLAs)
  D. Periodic audits of controls by an independent auditor
  C. Review of performance against service level agreements (SLAs)

  ---

  Explanation

  Reviewing the performance against service level agreements (SLAs) would best determine whether the service provider continues to meet the organization's objectives, as SLAs define the expected level of service, quality, availability, and responsibilities of both parties. Assessment of the personnel training processes of the provider, adequacy of the service provider's insurance, and periodic audits of controls by an independent auditor are important aspects of outsourcing, but they do not directly measure the performance of the service provider against the organization's objectives.

  References: CISA Review Manual (Digital Version), Chapter 3, Section 3.5.2

• Question 1516:

  Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?

  A. Integration testing
  B. Regression testing
  C. Automated testing
  D. User acceptance testing (UAT)
  C. Automated testing

  ---

  Explanation

  The best testing approach to facilitate rapid identification of application interface errors is automated testing. Automated testing is the use of software tools or scripts to execute predefined test cases, compare expected and actual outcomes,

  and report any discrepancies. Automated testing can help to speed up the testing process, increase test coverage, reduce human errors, and improve test accuracy and consistency. Automated testing can also help to detect interface errors

  that may occur due to incompatible data formats, communication protocols, or system configurations.

  References:

  CISA Review Manual (Digital Version), Chapter 3, Section 3.3.11 CISA Online Review Course, Domain 2, Module 2, Lesson 1

• Question 1517:

  Which of the following characteristics pertaining to databases is not true?

  A. A data model should exist and all entities should have a significant name.
  B. Justifications must exist for normalized data.
  C. No NULLs should be allowed for primary keys.
  D. All relations must have a specific cardinality.
  B. Justifications must exist for normalized data.

  ---

  Explanation

  Justifications should be provided when data is renormalized, not when it is normalized, because it introduces risk of data inconsistency. Renormalization is usually introduced for performance purposes.

  Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108).

• Question 1518:

  An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

  A. Discovery sampling
  B. Judgmental sampling
  C. Variable sampling
  D. Stratified sampling
  A. Discovery sampling

  ---

  Explanation

  Discovery sampling is an appropriate sampling method for an IS auditor who intends to launch an intensive investigation if one exception is found. Discovery sampling is a type of attribute sampling that determines the sample size based on an acceptable risk of not finding at least one occurrence of an attribute when a given rate of occurrence exists in a population. Discovery sampling can be used by an IS auditor who wants to detect fraud or errors that have a low probability but high impact on an audit objective. The other options are not appropriate sampling methods for this purpose, as they may involve judgmental sampling, variable sampling, or stratified sampling.

  References: CISA Review Manual (Digital Version), Chapter 2, Section 2.31 CISA Review Questions, Answers and Explanations Database, Question ID 230

• Question 1519:

  A maturity model is useful in the assessment of IT service management because it:

  A. provides a benchmark for process improvement
  B. defines the level of control required to meet business needs
  C. indicates the service levels required for the business area
  D. specifies the mechanism needed to achieve defined service levels
  A. provides a benchmark for process improvement

  ---

  Explanation

• Question 1520:

  During the audit of an enterprise resource planning (ERP) system, an IS auditor found an applicationpatch was applied to the production environment. It is MOST important for the IS auditor to verify approval from the:

  A. information security officer.
  B. system administrator.
  C. information asset owner.
  D. project manager.
  D. project manager.

  ---

  Explanation