Download New Updated (July) Isaca CISA Actual Test 501-510

Ensurepass

QUESTION 501

Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

 

A. Bottom up
B. Sociability testing
C. Top-down
D. System test

 

Correct Answer: C

Explanation:

The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place. Sociability testing and system tests take place at a later stage in the development process.

QUESTION 502

After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

 

A. Stress
B. Black box
C. Interface
D. System

 

Correct Answer: D

Explanation:

Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.

 

 

QUESTION 503

Which of the following represents the GREATEST potential risk in an EDI environment?

 

A. Transaction authorization
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or after establishment of application controls

 

Correct Answer: A

Explanation:

Since the interaction between parties is electronic, there is no inherent authentication occurring; therefore, transaction authorization is the greatest risk. Choices B and D are examples of risks, but the impact is not as great as that of unauthorized transactions. Transmission delays may terminate the process or hold the line until the normal time for processing has elapsed; however, there will be no loss of data.

QUESTION 504

Which of the following is the GREATEST risk to the effectiveness of application system controls?

 

A. Removal of manual processing steps
B. Inadequate procedure manuals
C. Collusion between employees
D. Unresolved regulatory compliance issues

 

Correct Answer: C

Explanation:

Collusion is an active attack that can be sustained and is difficult to identify, since even well-thought-out application controls may be circumvented. The other choices do not impact well-designed application controls.

QUESTION 505

When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?

 

A. Use of a cryptographic hashing algorithm
B. Enciphering the message digest
C. Deciphering the message digest
D. A sequence number and time stamp

 

Correct Answer: D

Explanation:

When transmitting data, a sequence number and/or time stamp built into the message to make it unique can be checked by the recipient to ensure that the message was not intercepted and replayed. This is known as replay protection, and could be used to verify that a payment instruction was not duplicated. Use of a cryptographic hashing algorithm against the entire message helps achieve data integrity. Enciphering the message digest using the sender’s private key, which affixes the sender’s digital signature to the document, helps in authenticating the transaction. When the enciphered digest is deciphered by the receiver using the sender’s public key, it ensures that the message could only have come from the sender. This process of sender authentication achieves nonrepudiation.

QUESTION 506

The waterfall life cycle model of software development is most appropriately used when:

 

A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
B. requirements are well understood and the project is subject to time pressures.
C. the project intends to apply an object-oriented design and programming approach.
D. the project will involve the use of new technology.

 

Correct Answer: A

Explanation:

Historically, the waterfall model has been best suited to the stable conditions described in choice A. When the degree of uncertainty of the system to be delivered, and of the conditions in which it will be used, rises, the waterfall model has not been successful. In these circumstances, the various forms of iterative development life cycle give the advantage of breaking down the scope of the overall system to be delivered, making the requirements gathering and design activities more manageable. The ability to deliver working software earlier also acts to alleviate uncertainty and may allow an earlier realization of benefits. The choice of a design and programming approach is not itself a determining factor of the type of software development life cycle that is appropriate. The use of new technology in a project introduces a significant element of risk. An iterative form of development, particularly one of the agile methods that focuses on early development of actual working software, is likely to be the better option to manage this uncertainty.

QUESTION 507

An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

 

A. a backup server be available to run ETCS operations with up-to-date data.
B. a backup server be loaded with all the relevant software and data.
C. the systems staff of the organization be trained to handle any event.
D. source code of the ETCS application be placed in escrow.

 

Correct Answer: D

Explanation:

Whenever proprietary application software is purchased, the contract should provide for a source code escrow agreement. This will ensure that the purchasing company will have the opportunity to modify the software should the vendor cease to be in business. Having a backup server with current data and staff training is critical, but not as critical as ensuring the availability of the source code.

QUESTION 508

The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

 

A. rules.
B. decision trees.
C. semantic nets.
D. dataflow diagrams.

 

Correct Answer: B

Explanation:

Decision trees use questionnaires to lead a user through a series of choices until a conclusion is reached. Rules refer to the expression of declarative knowledge through the use of if-then relationships. Semantic nets consist of a graph in which nodes represent physical or conceptual objects and the arcs describe the relationship between the nodes. Semantic nets resemble a dataflow diagram and make use of an inheritance mechanism to prevent duplication of data.

 

 

QUESTION 509

During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

 

A. buffer overflow.
B. brute force attack.
C. distributed denial-of-service attack.
D. war dialing attack.

 

Correct Answer: A

Explanation:

Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute force attack is used to crack passwords. A distributed denial-of-service attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.

 

 

QUESTION 510

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

 

A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development

 

Correct Answer: B

Explanation:

A PERT chart will help determine project duration once all the activities and the work involved with those activities are known. Function point analysis is a technique for determining the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries, logical internal files, etc. While this will help determine the size of individual activities, it will not assist in determining project duration since there are many overlapping tasks. Rapid application development is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality, while object-oriented system development is the process of solution specification and modeling.

 
