Download New Updated (July) Isaca CISA Actual Test 231-240


QUESTION 231

Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

 

A. True

B. False

Correct Answer: B

Explanation:

Instead of simply reviewing the effectiveness and utilization of assets, an IS auditor is more concerned with adequate access control, appropriate access policies, and effectiveness of safeguards and procedures.

QUESTION 232

How is risk affected if users have direct access to a database at the system level?

 

A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases.

B. Risk of unauthorized and untraceable changes to the database increases.

C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases.

D. Risk of unauthorized and untraceable changes to the database decreases.

Correct Answer: B

Explanation:

If users have direct access to a database at the system level, risk of unauthorized and untraceable changes to the database increases.

 

 

QUESTION 233

Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

 

A. Concurrency controls

B. Reasonableness checks

C. Time stamps

D. Referential integrity controls

Correct Answer: C

Explanation:

Time stamps are an effective control for detecting duplicate transactions such as payments made or received.

 

 

QUESTION 234

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:

 

A. Identify high-risk areas that might need a detailed review later

B. Reduce audit costs

C. Reduce audit time

D. Increase audit accuracy

Correct Answer: C

Explanation:

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can identify high-risk areas that might need a detailed review later.

 

 

QUESTION 235

Which of the following is the dominating objective of BCP and DRP?

 

A. To protect human life

B. To mitigate the risk and impact of a business interruption

C. To eliminate the risk and impact of a business interruption

D. To transfer the risk and impact of a business interruption

Correct Answer: A

Explanation:

Although the primary business objective of BCP and DRP is to mitigate the risk and impact of a business interruption, the dominating objective remains the protection of human life.

 

 

QUESTION 236

What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality? Choose the BEST answer.

 

A. Rapid application development (RAD)

B. GANTT

C. PERT

D. Decision trees

Correct Answer: A

Explanation:

Rapid application development (RAD) is used to develop strategically important systems faster, reduce development costs, and still maintain high quality.

 

 

QUESTION 237

A data administrator is responsible for:

 

A. maintaining database system software.

B. defining data elements, data names and their relationship.

C. developing physical database structures.

D. developing data dictionary system software.

Correct Answer: B

Explanation:

A data administrator is responsible for defining data elements, data names and their relationship. Choices A, C and D are functions of a database administrator (DBA).

 

 

QUESTION 238

A critical function of a firewall is to act as a:

 

A. special router that connects the Internet to a LAN.

B. device for preventing authorized users from accessing the LAN.

C. server used to connect authorized users to private trusted network resources.

D. proxy server to increase the speed of access to authorized users.

Correct Answer: B

Explanation:

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users of other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling the outside resources to which its own users have access. Basically, a firewall, working closely with a router program, filters all network packets to determine whether or not to forward them toward their destination. A firewall includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so no incoming request can get directed to private network resources.

QUESTION 239

What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

 

A. Business risk

B. Detection risk

C. Residual risk

D. Inherent risk

Correct Answer: B

Explanation:

Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.

 

 

QUESTION 240

The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:

 

A. confirm that the auditors did not overlook any important issues.

B. gain agreement on the findings.

C. receive feedback on the adequacy of the audit procedures.

D. test the structure of the final presentation.

Correct Answer: B

Explanation:

The primary purpose for meeting with auditees prior to formally closing a review is to gain agreement on the findings. The other choices, though related to the formal closure of an audit, are of secondary importance.

 
