Free ISACA CISA Übungsprüfungen - Seite 5 von 55

Question #41

An IS auditor is reviewing a decision to consolidate processing for multiple applications onto a single large server.

Which of the following is the MOST significant impact from this decision?

A . Higher operating system license fees
B . More applications affected by a server outage
C . Simplified asset management
D . Fewer application servers requiring vulnerability scans

Lösung einblenden Lösung ausblenden

Question #42

A bank performed minor changes to the interest calculation computer program.

Which of the following techniques would provide the STRONGEST evidence to determine whether the interest calculations are correct?

A . Source code review
B . Parallel simulation using audit software
C . Manual verification of a sample of the results
D . Review of the quality assurance (QA) test results

Lösung einblenden Lösung ausblenden

Question #43

The PRIMARY benefit of automating application testing is to:

A . provide test consistency.
B . provide more flexibility.
C . replace all manual test processes.
D . reduce the time to review code.

Lösung einblenden Lösung ausblenden

Question #44

Which of the following responses to risk associated with separation of duties would incur the LOWEST initial cost?

A . Risk mitigation
B . Risk acceptance
C . Risk transference
D . Risk reduction

Lösung einblenden Lösung ausblenden

Question #45

Which of the following constitutes an effective detective control in a distributed processing environment?

A . A log of privileged account use is reviewed.
B . A disaster recovery plan (DRP)4% in place for the entire system.
C . User IDs are suspended after three incorrect passwords have been entered.
D . Users are required to request additional access via an electronic mail system.

Lösung einblenden Lösung ausblenden

Question #46

During audit framework. an IS auditor teams that employees are allowed to connect their personal devices to company-owned computers.

How can the auditor BEST validate that appropriate security controls are in place to prevent data loss?

A . Conduct a walk-through to view results of an employee plugging in a device to transfer confidential data.
B . Review compliance with data loss and applicable mobile device user acceptance policies.
C . Verify the data loss prevention (DLP) tool is properly configured by the organization.
D . Verify employees have received appropriate mobile device security awareness training.

Lösung einblenden Lösung ausblenden

Question #47

Which of the following is the BEST way for an IS auditor to assess the design of an automated application control?

A . Interview the application developer.
B . Obtain management attestation and sign-off.
C . Review the application implementation documents.
D . Review system configuration parameters and output.

Lösung einblenden Lösung ausblenden

Richtige Antwort: C
C

Explanation:

Reviewing the application implementation documents is the best way for an IS auditor to assess the design of an automated application control. An automated application control is a control that is embedded in the application software and is executed by the system without human intervention. An automated application control is designed to ensure the accuracy, completeness, validity, and authorization of transactions and data processed by the application. Examples of automated application controls are input validation, edit checks, calculations, reconciliations, and exception reports.

The application implementation documents are the documents that describe the design specifications, logic, and functionality of the application and its controls. The application implementation documents may include:

Business requirements document – a document that defines the business objectives, needs, and expectations of the application.

Functional specifications document – a document that describes the features, functions, and interfaces of the application and its controls.

Technical specifications document – a document that details the technical architecture, design, and configuration of the application and its controls.

Test plan and test cases – a document that outlines the testing strategy, methodology, and scenarios for verifying the functionality and performance of the application and its controls.

User manual and training material – a document that provides instructions and guidance on how to use the application and its controls.

By reviewing the application implementation documents, an IS auditor can:

Gain an understanding of the purpose, scope, and nature of the application and its controls.

Evaluate whether the application and its controls are designed to meet the business requirements and objectives.

Identify any gaps, inconsistencies, or errors in the design of the application and its controls.

Compare the design of the application and its controls with the best practices and standards in the industry.

Determine whether the application and its controls are adequately tested and documented.

Interviewing the application developer is not the best way for an IS auditor to assess the design of an automated application control. An interview is a verbal communication technique that involves asking questions and listening to responses. An interview can be useful for obtaining general information or clarifying specific issues related to the application and its controls. However, an interview alone cannot provide sufficient evidence or documentation to support the auditor’s assessment of the design of an automated application control. An interview may also be subject to bias, misunderstanding, or misinterpretation by either party.

Obtaining management attestation and sign-off is not the best way for an IS auditor to assess the design of an automated application control. Management attestation and sign-off is a formal process that involves obtaining written confirmation from management that they have reviewed and approved the design of the application and its controls. Management attestation and sign-off can indicate management’s commitment and accountability for the quality and effectiveness of the application and its controls. However, management attestation and sign-off cannot substitute for an independent and objective evaluation by an IS auditor. Management attestation and sign-off may also be influenced by pressure, conflict of interest, or fraud.

Reviewing system configuration parameters and output is not the best way for an IS auditor to assess the design of an automated application control. System configuration parameters are settings that define how the system operates or interacts with other components. System output is data or information that is produced by the system as a result of processing transactions or performing functions. Reviewing system configuration parameters and output can help an IS auditor to verify whether the system is configured correctly and whether it produces accurate and reliable output. However, reviewing system configuration parameters and output cannot provide a comprehensive view of how the application and its controls are designed to achieve their objectives. Reviewing system configuration parameters and output may also require technical expertise or access rights that may not be available to an IS auditor.

Question #48

An IS auditor is reviewing an artificial intelligence (Al) and expert system application. The system has produced several critical errors with severe impact.

Which of the following should the IS auditor do NEXT to understand the cause of the errors?

A . Review the decision-making logic built into the system.
B . Interview the system owner.
C . Understand the purpose and functionality of the system.
D . Verify system adherence to corporate policy.

Lösung einblenden Lösung ausblenden

Question #49

Which of the following is the BEST way to ensure an organization’s data classification policies are preserved during the process of data transformation?

A . Map data classification controls to data sets.
B . Control access to extract, transform, and load (ETL) tools.
C . Conduct a data discovery exercise across all business applications.
D . Implement classification labels in metadata during data creation.

Lösung einblenden Lösung ausblenden

Question #50

Which of the following should be used to evaluate an IT development project before an investment is committed?

A . Earned value analysis (EVA)
B . Rapid application development
C . Function point analysis
D . Feasibility study

Lösung einblenden Lösung ausblenden