Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1571:

  During an audit of information security procedures of a large retailer's online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon release. Which of the following should be of GREATEST concern to the auditor?

  A. Patches are in conflict with current licensing agreements.
  B. Patches are pushed from the vendor increasing Internet traffic.
  C. Patches are not reflected in the configuration management database.
  D. Patches are not tested before installation on critical servers.
  D. Patches are not tested before installation on critical servers.

  ---

  Explanation

• Question 1572:

  Which of the following is the PRIMARY benefit of implementing an IT capacity management process?

  A. Ensuring infrastructure meets current performance requirements
  B. Enabling rapid deployment of new software applications
  C. Helping resolve significant security concerns
  D. Reducing the cost and time to implement IT services
  A. Ensuring infrastructure meets current performance requirements

  ---

  Explanation

  Explanation

• Question 1573:

  An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?

  A. Decreased mean time between failures (MTBF)
  B. Degradation of services
  C. Limited tolerance for damage
  D. Single point of failure
  D. Single point of failure

  ---

  Explanation

• Question 1574:

  The record-locking option of a database management system (DBMS) serves to.

  A. eliminate the risk of concurrent updates to a record
  B. allow database administrators (DBAs) to record the activities of users.
  C. restrict users from changing certain values within records.
  D. allow users to lock others out of their files.
  A. eliminate the risk of concurrent updates to a record

  ---

  Explanation

  The record-locking option of a database management system (DBMS) serves to eliminate the risk of concurrent updates to a record by different users or transactions. Record locking is a technique of preventing simultaneous access to data in a database, to prevent inconsistent results1. For example, if two bank clerks try to update the same bank account for two different transactions, record locking can ensure that only one clerk can modify the record at a time, while the other has to wait until the lock is released. This way, the record will reflect both transactions correctly and avoid data corruption. Record locking does not serve to allow database administrators (DBAs) to record the activities of users. This is a function of auditing or logging, which can track the actions performed by users on the database2. Record locking does not affect the ability of DBAs to monitor or audit user activities. Record locking does not serve to restrict users from changing certain values within records. This is a function of access control or authorization, which can enforce rules or policies on what data users can view or modify2. Record locking does not affect the permissions or privileges of users on the database. Record locking does not serve to allow users to lock others out of their files. This is a function of encryption or password protection, which can secure files from unauthorized access or modification3. Record locking does not affect the security or confidentiality of files on the database.

• Question 1575:

  An IS auditor finds that a mortgage origination team receives customer mortgage applications via a shared repository. Which of the following test procedures is the BEST way to assess whether there are adequate privacy controls over this process?

  A. Validate whether the encryption is compliant with the organization's requirements.
  B. Validate that data is entered accurately and timely.
  C. Validate whether documents are deleted according to data retention procedures.
  D. Validate whether complex passwords are required.
  A. Validate whether the encryption is compliant with the organization's requirements.

  ---

  Explanation

• Question 1576:

  A financial institution has a system interface that is used by its branches to obtain applicable currency exchange rates when processing transactions Which of the following should be the PRIMARY control objective for maintaining the security of the system interface?

  A. Preventing unauthorized access to the data via malicious activity
  B. Preventing unauthorized access to the data via interception
  C. Ensuring the integrity of the data being transferred
  D. Ensuring the availability of the data being transferred
  C. Ensuring the integrity of the data being transferred

  ---

  Explanation

• Question 1577:

  Which of the following roles is PRIMARILY responsible for mitigating the risk of benefits not being realized in an IT project?

  A. Project sponsor
  B. Project manager
  C. Quality assurance (QA) manager
  D. Chief risk officer (CRO)
  A. Project sponsor

  ---

  Explanation

• Question 1578:

  Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

  A. Assurance that the new system meets functional requirements
  B. More time for users to complete training for the new system
  C. Significant cost savings over other system implemental or approaches
  D. Assurance that the new system meets performance requirements
  D. Assurance that the new system meets performance requirements

  ---

  Explanation

  Parallel processing is a system implementation approach that involves running the new system and the old system simultaneously for a period of time until the new system is verified and accepted. The primary advantage of parallel processing is that it provides assurance that the new system meets performance requirements and produces the same or better results as the old system. Parallel processing also minimizes the risk of system failure and data loss, as the old system can be used as a backup or fallback option in case of any problems with the new system.

• Question 1579:

  Which of the following control techniques BEST ensures the integrity of system interface transmissions?

  A. Validity check
  B. Completeness check
  C. Parity check
  D. Reasonableness check
  B. Completeness check

  ---

  Explanation

• Question 1580:

  Which of the following would an IS auditor consider to be the MOST significant risk associated with a project to reengineer a business process?

  A. The negative impact of change may not be documented.
  B. The project manager is inexperienced in information systems.
  C. Existing controls may be weakened or removed.
  D. Existing baseline processes may not be reported to management.
  C. Existing controls may be weakened or removed.

  ---

  Explanation