Download New Updated (July) Isaca CISA Actual Test 221-230

Ensurepass

 

QUESTION 221

What type of BCP test uses actual resources to simulate a system crash and validate the plan’s effectiveness?

 

A. Paper

B. Preparedness

C. Walk-through

D. Parallel

 

Correct Answer: B

Explanation:

Of the three major types of BCP tests (paper, walk-through, and preparedness), only the preparedness test uses actual resources to simulate a system crash and validate the plan’s effectiveness.

 

 

QUESTION 222

Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?

 

A. PERT

B. Rapid application development (RAD)

C. Function point analysis (FPA)

D. GANTT

 

Correct Answer: B

Explanation:

Rapid application development (RAD) uses a prototype that can be updated continually to meet changing user or business requirements.

 

 

QUESTION 223

What are often the primary safeguards for systems software and data?

 

A. Administrative access controls

B. Logical access controls

C. Physical access controls

D. Detective access controls

 

Correct Answer: B

Explanation:

Logical access controls are often the primary safeguards for systems software and data.

 

 

QUESTION 224

When auditing third-party service providers, an IS auditor should be concerned with which of the following? Choose the BEST answer.

 

A. Ownership of the programs and files

B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

C. A statement of due care

D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster

 

Correct Answer: D

Explanation:

When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.

 

 

QUESTION 225

Which of the following provides the BEST single-factor authentication?

 

A. Biometrics

B. Password

C. Token

D. PIN

 

Correct Answer: A

Explanation:

Although biometrics provides only single-factor authentication, many consider it to be an excellent method for user authentication.

 

 

QUESTION 226

Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource? Choose the BEST answer.

 

A. Systems logs

B. Access control lists (ACL)

C. Application logs

D. Error logs

 

Correct Answer: B

Explanation:

IS auditors should review access-control lists (ACL) to determine user permissions that have been granted for a particular resource.

 

 

QUESTION 227

When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?

 

A. True

B. False

 

Correct Answer: B

Explanation:

When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.

 

 

QUESTION 228

What should an IS auditor do if he or she observes that project-approval procedures do not exist?

 

A. Advise senior management to invest in project-management training for the staff

B. Create project-approval procedures for future project implementations

C. Assign project leaders

D. Recommend to management that formal approval procedures be adopted and documented

 

Correct Answer: D

Explanation:

If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.

 

 

QUESTION 229

A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

 

A. digest signature.

B. electronic signature.

C. digital signature.

D. hash signature.

 

Correct Answer: C

Explanation:

A digital signature authenticates a transmission from a sender through the private cryptographic key. It is a string of bits that uniquely represents another string of bits, a digital document. An electronic signature refers to the string of bits that digitally represents a handwritten signature captured by a computer system when a human applies it on an electronic pen pad connected to the system.

 

 

QUESTION 230

In an EDI process, the device which transmits and receives electronic documents is the:

 

A. communications handler.

B. EDI translator.

C. application interface.

D. EDI interface.

 

Correct Answer: A

Explanation:

A communications handler transmits and receives electronic documents between trading partners and/or wide area networks (WANs).

 
