Download New Updated (July) Isaca CISA Actual Test 341-350

Ensurepass

 

QUESTION 341

The MOST likely effect of the lack of senior management commitment to IT strategic planning is:

A. a lack of investment in technology.
B. a lack of a methodology for systems development.
C. technology not aligning with the organization’s objectives.
D. an absence of control over technology contracts.

Correct Answer: C

Explanation:

A steering committee should exist to ensure that the IT strategies support the organization’s goals. The absence of an information technology committee or a committee not composed of senior managers would be an indication of a lack of top-level management commitment. This condition would increase the risk that IT would not be aligned with the organization’s strategy.

QUESTION 342

Which of the following would BEST provide assurance of the integrity of new staff?

A. Background screening
B. References
C. Bonding
D. Qualifications listed on a resume

Correct Answer: A

Explanation:

A background screening is the primary method for assuring the integrity of a prospective staff member. References are important and would need to be verified, but they are not as reliable as background screening. Bonding is directed at due diligence compliance, not at integrity, and qualifications listed on a resume may not be accurate.

QUESTION 343

Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?

A. Define a balanced scorecard (BSC) for measuring performance
B. Consider user satisfaction in the key performance indicators (KPIs)
C. Select projects according to business benefits and risks
D. Modify the yearly process of defining the project portfolio

Correct Answer: C

Explanation:

Prioritization of projects on the basis of their expected benefit(s) to business, and the related risks, is the best measure for achieving alignment of the project portfolio to an organization’s strategic priorities. Modifying the yearly process of the projects portfolio definition might improve the situation, but only if the portfolio definition process is currently not tied to the definition of corporate strategies; however, this is unlikely since the difficulties are in maintaining the alignment, and not in setting it up initially. Measures such as balanced scorecard (BSC) and key performance indicators (KPIs) are helpful, but they do not guarantee that the projects are aligned with business strategy.

QUESTION 344

Which of the following is normally a responsibility of the chief security officer (CSO)?

A. Periodically reviewing and evaluating the security policy
B. Executing user application and software testing and evaluation
C. Granting and revoking user access to IT resources
D. Approving access to data and applications

Correct Answer: A

Explanation:

The role of a chief security officer (CSO) is to ensure that the corporate security policy and controls are adequate to prevent unauthorized access to the company assets, including data, programs and equipment. User application and other software testing and evaluation normally are the responsibility of the staff assigned to development and maintenance. Granting and revoking access to IT resources is usually a function of network or database administrators. Approval of access to data and applications is the duty of the data owner.

 

QUESTION 345

The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

A. alignment of the IT activities with IS audit recommendations.
B. enforcement of the management of security risks.
C. implementation of the chief information security officer’s (CISO) recommendations.
D. reduction of the cost for IT security.

Correct Answer: B

Explanation:

The major benefit of implementing a security program is management’s assessment of risk and its mitigation to an appropriate level of risk, and the monitoring of the remaining residual risks. Recommendations, visions and objectives of the auditor and the chief information security officer (CISO) are usually included within a security program, but they would not be the major benefit. The cost of IT security may or may not be reduced.

 

 

QUESTION 346

Which of the following should be included in an organization’s IS security policy?

A. A list of key IT resources to be secured
B. The basis for access authorization
C. Identity of sensitive security features
D. Relevant software security features

Correct Answer: B

Explanation:

The security policy provides the broad framework of security, as laid down and approved by senior management. It includes a definition of those authorized to grant access and the basis for granting the access. Choices A, C and D are more detailed than what should be included in a policy.

QUESTION 347

What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized

Correct Answer: B

Explanation:

Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.

 

 

QUESTION 348

The rate of change in technology increases the importance of:

A. outsourcing the IS function.
B. implementing and enforcing good processes.
C. hiring personnel willing to make a career within the organization.
D. meeting user requirements.

Correct Answer: B

Explanation:

Change requires that good change management processes be implemented and enforced. Outsourcing the IS function is not directly related to the rate of technological change. Personnel in a typical IS department are highly qualified and educated; usually they do not feel their jobs are at risk and are prepared to switch jobs frequently. Although meeting user requirements is important, it is not directly related to the rate of technological change in the IS environment.

 

 

QUESTION 349

Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?

A. Time zone differences could impede communications between IT teams.
B. Telecommunications cost could be much higher in the first year.
C. Privacy laws could prevent cross-border flow of information.
D. Software development may require more detailed specifications.

Correct Answer: C

Explanation:

Privacy laws prohibiting the cross-border flow of personally identifiable information would make it impossible to locate a data warehouse containing customer information in another country. Time zone differences and higher telecommunications costs are more manageable. Software development typically requires more detailed specifications when dealing with offshore operations.

 

 

QUESTION 350

IT governance is PRIMARILY the responsibility of the:

A. chief executive officer.
B. board of directors.
C. IT steering committee.
D. audit committee.

Correct Answer: B

Explanation:

IT governance is primarily the responsibility of the executives and shareholders (as represented by the board of directors). The chief executive officer is instrumental in implementing IT governance per the directions of the board of directors. The IT steering committee monitors and facilitates deployment of IT resources for specific projects in support of business plans. The audit committee reports to the board of directors and should monitor the implementation of audit recommendations.
