Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 781:

  A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following would be the MOST appropriate course of action for the senior auditor?

  A. Approve the work papers as written
  B. Refer the issue to the audit director
  C. Have the finding reinstated
  D. Ask the auditee to retest
  C. Have the finding reinstated

  ---

  Explanation

• Question 782:

  The PRIMARY goal of capacity management is to:

  A. minimize data storage needs across the organization.
  B. provide necessary IT resources to meet business requirements.
  C. minimize system idle time to optimize cost.
  D. ensure that IT teams have sufficient personnel.
  B. provide necessary IT resources to meet business requirements.

  ---

  Explanation

• Question 783:

  An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?

  A. Project management
  B. Risk assessment results
  C. IT governance framework
  D. Portfolio management
  D. Portfolio management

  ---

  Explanation

  The most helpful tool in matching demand for projects and services with available resources in a way that supports business objectives is portfolio management. Portfolio management is the process of selecting, prioritizing, balancing and aligning IT projects and services with the strategic goals and value proposition of the organization3. Portfolio management helps the IT organization to allocate resources efficiently and effectively, to deliver value to the business units, and to align IT initiatives with business strategies. Project management, risk assessment results and IT governance framework are also important tools, but they are not as helpful as portfolio management in matching demand and supply of IT projects and services.

  References: CISA Review Manual, 27th Edition, page 721 CISA Review Questions, Answers and Explanations Database - 12 Month Subscription

• Question 784:

  Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

  A. Limit check
  B. Parity check
  C. Reasonableness check
  D. Validity check
  D. Validity check

  ---

  Explanation

  The most likely application input control that would detect data input errors in the customer account number field during the processing of an accounts receivable transaction is a validity check. A validity check is a type of application control that verifies whether the data entered in an application matches a predefined set of values or criteria1. For example, a validity check can compare the customer account number entered by the user with a list of existing customer account numbers stored in a database, and reject any input that does not match any of the valid values2. The other options are not as likely to detect data input errors in the customer account number field, because they do not compare the input with a predefined set of values or criteria. A limit check is a type of application control that verifies whether the data entered in an application falls within a specified range or limit1. For example, a limit check can ensure that the amount entered for an invoice does not exceed a certain maximum value2. A parity check is a type of application control that verifies whether the data entered in an application has an even or odd number of bits1. For example, a parity check can detect transmission errors in binary data by adding an extra bit to the data and checking whether the number of bits is consistent3. A reasonableness check is a type of application control that verifies whether the data entered in an application is logical or sensible based on other related data or information1. For example, a reasonableness check can ensure that the date entered for an order is not in the future or before the date of creation of the customer account2.

  References: What are application controls? Definition, examples and best practices1 General Control Vs Application Control: Key Differences and Example ...4 Parity Check - an overview | ScienceDirect Topics

• Question 785:

  Which of the following is MOST helpful in identifying system performance constraints?

  A. Security logs
  B. Directory service logs
  C. Proxy logs
  D. Operational logs
  D. Operational logs

  ---

  Explanation

• Question 786:

  Which of the following BEST addresses the availability of an online store?

  A. RAID level 5 storage devices
  B. Online backups
  C. A mirrored site at another location
  D. Clustered architecture
  C. A mirrored site at another location

  ---

  Explanation

  The primary benefit of automating application testing is to provide test consistency. Automated testing can ensure that the same test cases are executed in the same manner and order every time, which can improve the reliability and accuracy of the test results. Providing more flexibility, replacing all manual test processes, and reducing the time to review code are possible benefits of automating application testing, but they are not the primary benefit.

  References: ISACA, CISA Review Manual, 27th Edition, 2020, p. 3091 ISACA, CISA Review Questions, Answers and Explanations Database - 12 Month Subscription

• Question 787:

  An IS auditor is tasked to review an organization's plan-do-check-act (PDCA) method for improving IT-related processes and wants to determine the accuracy of defined targets to be achieved. Which of the following steps in the PDCA process should the auditor PRIMARILY focus on in this situation?

  A. Check
  B. Plan
  C. Do
  D. Act
  B. Plan

  ---

  Explanation

  In the PDCA cycle, the "Plan" phase is where targets and objectives are defined. Focusing on this phase allows the auditor to evaluate the accuracy and appropriateness of the defined targets before they are implemented and measured in

  subsequent phases.

  References:

  ISACA CISA Review Manual 27th Edition, Page 315-316 (PDCA Cycle)

• Question 788:

  Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?

  A. An increase in inherent vulnerability
  B. An increase in residual risk
  C. An increase in the potential for data leakage
  D. An increase in the number of e-discovery requests
  C. An increase in the potential for data leakage

  ---

  Explanation

• Question 789:

  Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of it's internals?

  A. Black-box testing
  B. Parallel Test
  C. Regression Testing
  D. Pilot Testing
  A. Black-box testing

  ---

  Explanation

  Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings (see white-box testing). This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well.

  For your exam you should know the information below:

  Alpha and Beta Testing - An alpha version is early version is an early version of the application system submitted to the internal user for testing. The alpha version may not contain all the features planned for the final version. Typically, software goes to two stages testing before it consider finished. The first stage is called alpha testing is often performed only by the user within the organization developing the software. The second stage is called beta testing, a form of user acceptance testing, generally involves a limited number of external users. Beta testing is the last stage of testing, and normally involves real world exposure, sending the beta version of the product to independent beta test sites or offering it free to interested user.

  Pilot Testing -A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests ?usually over interim platform and with only basic functionalities.

  White box testing - Assess the effectiveness of a software program logic. Specifically, test data are used in determining procedural accuracy or conditions of a program's specific logic path. However, testing all possible logical path in large information system is not feasible and would be cost prohibitive, and therefore is used on selective basis only.

  Black Box Testing - An integrity based form of testing associated with testing components of an information system's "functional" operating effectiveness without regards to any specific internal program structure. Applicable to integration and user acceptance testing.

  Function/validation testing ?It is similar to system testing but it is often used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements.

  Regression Testing -The process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be same as original data.

  Parallel Testing - This is the process of feeding test data into two systems ?the modified system and an alternative system and comparing the result.

  Sociability Testing -The purpose of these tests is to confirm that new or modified system can operate in its target environment without adversely impacting existing system. This should cover not only platform that will perform primary application processing and interface with other system but, in a client server and web development, changes to the desktop environment. Multiple application may run on the user's desktop, potentially simultaneously, so it is important to test the impact of installing new dynamic link libraries (DLLs), making operating system registry or configuration file modification, and possibly extra memory utilization.

  The following answers are incorrect:

  Parallel Testing - This is the process of feeding test data into two systems ?the modified system and an alternative system and comparing the result.

  Regression Testing -The process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be same as original data.

  Pilot Testing -A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests ?usually over interim platform and with only basic functionalities

  CISA review manual 2014 Page number 167 Official ISC2 guide to CISSP CBK 3rd Edition Page number 176

• Question 790:

  An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is the manager's BEST response to this situation?

  A. Notify the audit committee of the situation.
  B. Escalate the situation to senior audit leadership.
  C. Determine whether audit evidence supports audit conclusions.
  D. Discuss with the audit team to understand how conclusions were reached.
  A. Notify the audit committee of the situation.

  ---

  Explanation