Download New Updated (July) Isaca CISA Actual Test 511-520

Ensurepass

 

QUESTION 511

An advantage of using sanitized live transactions in test data is that:

 

A. all transaction types will be included.

B. every error condition is likely to be tested.

C. no special routines are required to assess the results.

D. test transactions are representative of live processing.

 

Correct Answer: D

Explanation:

Test data will be representative of live processing; however, it is unlikely that all transaction types or error conditions will be tested in this way.

 

 

QUESTION 512

The editing/validation of data entered at a remote site would be performed MOST effectively at the:

 

A. central processing site after running the application system.

B. central processing site during the running of the application system.

C. remote processing site after transmission of the data to the central processing site.

D. remote processing site prior to transmission of the data to the central processing site.

 

Correct Answer: D

Explanation:

It is important that the data entered from a remote site is edited and validated prior to transmission to the central processing site.

 

 

QUESTION 513

Ideally, stress testing should be carried out in a:

 

A. test environment using test data.

B. production environment using live workloads.

C. test environment using live workloads.

D. production environment using test data.

 

Correct Answer: C

Explanation:

Stress testing is carried out to ensure a system can cope with production workloads. A test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment (choices B and D), and if only test data is used, there is no certainty that the system was stress tested adequately.

 

 

QUESTION 514

When a new system is to be implemented within a short time frame, it is MOST important to:

 

A. finish writing user manuals.

B. perform user acceptance testing.

C. add last-minute enhancements to functionalities.

D. ensure that the code has been documented and reviewed.

 

Correct Answer: B

Explanation:

It would be most important to complete the user acceptance testing to ensure that the system to be implemented is working correctly. The completion of the user manuals is similar to the performance of code reviews. If time is tight, the last thing one would want to do is add another enhancement, as it would be necessary to freeze the code and complete the testing, then make any other changes as future enhancements. It would be appropriate to have the code documented and reviewed, but unless the acceptance testing is completed, there is no guarantee that the system will work correctly and meet user requirements.

 

 

QUESTION 515

Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?

 

A. Function point analysis

B. Critical path methodology

C. Rapid application development

D. Program evaluation review technique

 

Correct Answer: C

Explanation:

Rapid application development is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality. The program evaluation review technique (PERT) and critical path methodology (CPM) are both planning and control techniques, while function point analysis is used for estimating the complexity of developing business applications.

 

 

QUESTION 516

A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

 

A. The system will not process the change until the clerk’s manager confirms the change by entering an approval code.

B. The system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk’s manager.

C. The system requires the clerk to enter an approval code.

D. The system displays a warning message to the clerk.

 

Correct Answer: A

Explanation:

Choice A would prevent or detect the use of an unauthorized interest rate. Choice B informs the manager after the fact that a change was made, thereby making it possible for transactions to use an unauthorized rate prior to management review. Choices C and D do not prevent the clerk from entering an unauthorized rate change.

 

 

 

QUESTION 517

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?

 

A. Inheritance

B. Dynamic warehousing

C. Encapsulation

D. Polymorphism

 

Correct Answer: C

Explanation:

Encapsulation is a property of objects, and it prevents accessing either properties or methods that have not been previously defined as public. This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior and only that which belongs to that interface can be accessed.

 

 

QUESTION 518

A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?

 

A. IS auditor

B. Database administrator

C. Project manager

D. Data owner

 

Correct Answer: D

Explanation:

During the data conversion stage of a project, the data owner is primarily responsible for reviewing and signing-off that the data are migrated completely, accurately and are valid. An IS auditor is not responsible for reviewing and signing-off on the accuracy of the converted data. However, an IS auditor should ensure that there is a review and sign-off by the data owner during the data conversion stage of the project. A database administrator’s primary responsibility is to maintain the integrity of the database and make the database available to users. A database administrator is not responsible for reviewing migrated data. A project manager provides day-to-day management and leadership of the project, but is not responsible for the accuracy and integrity of the data.

 

 

QUESTION 519

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

 

A. a clear business case has been approved by management.

B. corporate security standards will be met.

C. users will be involved in the implementation plan.

D. the new system will meet all required user functionality.

 

Correct Answer: A

Explanation:

The first concern of an IS auditor should be to establish that the proposal meets the needs of the business, and this should be established by a clear business case. Although compliance with security standards is essential, as is meeting the needs of the users and having users involved in the implementation process, it is too early in the procurement process for these to be an IS auditor’s first concern.

 

 

QUESTION 520

An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

 

A. Log all table update transactions.

B. Implement before-and-after image reporting.

C. Use tracing and tagging.

D. Implement integrity constraints in the database.

 

Correct Answer: D

Explanation:

Implementing integrity constraints in the database is a preventive control, because data is checked against predefined tables or rules preventing any undefined data from being entered. Logging all table update transactions and implementing before-and-after image reporting are detective controls that would not avoid the situation. Tracing and tagging are used to test application systems and controls and could not prevent out-of-range data.

 
