Download New Updated (July) Isaca CISA Actual Test 551-560

Ensurepass

 

QUESTION 551

When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:

 

A. excessive transaction turnaround time.

B. application interface failure.

C. improper transaction authorization.

D. nonvalidated batch totals.

 

Correct Answer: C

Explanation:

Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant.

 

 

QUESTION 552

A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:

 

A. recommend that the project be halted until the issues are resolved.

B. recommend that compensating controls be implemented.

C. evaluate risks associated with the unresolved issues.

D. recommend that the project manager reallocate test resources to resolve the issues.

 

Correct Answer: C

Explanation:


It is important to evaluate what the exposure would be when audit recommendations have not been completed by the target date. Based on the evaluation, management can accordingly consider compensating controls, risk acceptance, etc. All other choices might be appropriate only after the risks have been assessed.

 

 

QUESTION 553

Which of the following situations would increase the likelihood of fraud?

 

A. Application programmers are implementing changes to production programs.

B. Application programmers are implementing changes to test programs.

C. Operations support staff are implementing changes to batch schedules.

D. Database administrators are implementing changes to data structures.

 

Correct Answer: A

Explanation:

Production programs are used for processing an enterprise’s data. It is imperative that controls on changes to production programs are stringent. Lack of control in this area could result in application programs being modified to manipulate the data. Application programmers are required to implement changes to test programs. These are used only in development and do not directly impact the live processing of data. The implementation of changes to batch schedules by operations support staff will affect the scheduling of the batches only; it does not impact the live data. Database administrators are required to implement changes to data structures. This is required for reorganization of the database to allow for additions, modifications or deletions of fields or tables in the database.

 

 

QUESTION 554

Which of the following is a characteristic of timebox management?

 

A. Not suitable for prototyping or rapid application development (RAD)

B. Eliminates the need for a quality process

C. Prevents cost overruns and delivery delays

D. Separates system and user acceptance testing

 

Correct Answer: C

Explanation:

Timebox management, by its nature, sets specific time and cost boundaries. It is very suitable for prototyping and RAD, and integrates system and user acceptance testing, but does not eliminate the need for a quality process.

 

 

QUESTION 555

While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:

 

A. effectiveness of the QA function because it should interact between project management and user management.

B. efficiency of the QA function because it should interact with the project implementation team.

C. effectiveness of the project manager because the project manager should interact with the QA function.

D. efficiency of the project manager because the QA function will need to communicate with the project implementation team.

 

Correct Answer: A

Explanation:

To be effective the quality assurance (QA) function should be independent of project management. The QA function should never interact with the project implementation team since this can impact effectiveness. The project manager does not interact with the QA function, which should not impact the effectiveness of the project manager. The QA function does not interact with the project implementation team, which should not impact the efficiency of the project manager.

 

 

QUESTION 556

Which of the following is an implementation risk within the process of decision support systems?

 

A. Management control

B. Semistructured dimensions

C. Inability to specify purpose and usage patterns

D. Changes in decision processes

 

Correct Answer: C

Explanation:

The inability to specify purpose and usage patterns is a risk that developers need to anticipate while implementing a decision support system (DSS). Choices A, B and D are not risks, but characteristics of a DSS.

 

 

QUESTION 557

Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

 

A. Check digit

B. Existence check

C. Completeness check

D. Reasonableness check

 

Correct Answer: C

Explanation:

A completeness check is used to determine if a field contains data and not zeros or blanks. A check digit is a digit calculated mathematically to ensure original data were not altered. An existence check also checks entered data for agreement to predetermined criteria. A reasonableness check matches input to predetermined reasonable limits or occurrence rates.

 

 

QUESTION 558

When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

 

A. The project budget

B. The critical path for the project

C. The length of the remaining tasks

D. The personnel assigned to other tasks

 

Correct Answer: B

Explanation:

Since adding resources may change the route of the critical path, the critical path must be reevaluated to ensure that additional resources will in fact shorten the project duration.

Given that there may be slack time available on some of the other tasks not on the critical path, factors such as the project budget, the length of other tasks and the personnel assigned to them may or may not be affected.

 

 

QUESTION 559

During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:

 

A. test data covering critical applications.

B. detailed test plans.

C. quality assurance test specifications.

D. user acceptance testing specifications.

 

Correct Answer: D

Explanation:

A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project and user acceptance test specification should be developed during this phase. The other choices are generally performed during the system testing phase.

 

 

QUESTION 560

An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?

 

A. Consider feasibility of a separate user acceptance environment

B. Schedule user testing to occur at a given time each day

C. Implement a source code version control tool

D. Only retest high priority defects

 

Correct Answer: A

Explanation:

A separate environment or environments is normally necessary for testing to be efficient and effective, and to ensure the integrity of production code, it is important that the development and testing code base be separate. When defects are identified they can be fixed in the development environment, without interrupting testing, before being migrated in a controlled manner to the test environment. A separate test environment can also be used as the final staging area from which code is migrated to production. This enforces a separation between development and production code. The logistics of setting up and refreshing customized test data is easier if a separate environment is maintained. If developers and testers are sharing the same environment, they have to work effectively at separate times of the day. It is unlikely that this would provide optimum productivity. Use of a source code control tool is a good practice, but it does not properly mitigate the lack of an appropriate testing environment. Even low priority fixes run the risk of introducing unintended results when combined with the rest of the system code. To prevent this, regular regression testing covering all code changes should occur. A separate test environment makes the logistics of regression testing easier to manage.

 
