Isaca CISA Exam Prep, Prompt Updates Isaca CISA Exam Is Your Best Choice

There is no need to worry if you are stuck on the Isaca CISA exam difficulties; Flydumps will assist you right through with exam-specific preparation material. Flydumps delivers the most comprehensive preparation material, covering each and every aspect of the Isaca https://www.pass4itsure.com/CISA.html exam curriculum.

QUESTION 41
A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:
A. reasonableness check.
B. parity check.
C. redundancy check.
D. check digits.
Correct Answer: C
Explanation/Reference:
A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data.
Incorrect answers:
A. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data.
B. A parity check is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission.
D. Check digits detect transposition and transcription errors.
QUESTION 42
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Correct Answer: A
Explanation/Reference:
Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.
QUESTION 43
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: if any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.
QUESTION 44
As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
Correct Answer: C
Explanation/Reference:
Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization’s IT process than evidence directly collected.
QUESTION 45
What is the PRIMARY purpose of audit trails?
A. To document auditing efforts
B. To correct data integrity errors
C. To establish accountability and responsibility for processed transactions
D. To prevent unauthorized access to data
Correct Answer: C
Explanation/Reference:
The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.
QUESTION 46
How does the process of systems auditing benefit from using a risk-based approach to audit planning?
A. Controls testing starts earlier.
B. Auditing resources are allocated to the areas of highest concern.
C. Auditing risk is reduced.
D. Controls testing is more thorough.
Correct Answer: B
Explanation/Reference:
Allocation of auditing resources to the areas of highest concern is a benefit of a risk-based approach to audit planning.
QUESTION 47
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Correct Answer: A
Explanation/Reference:
After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.
QUESTION 48
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Correct Answer: A
Explanation/Reference:
The use of statistical sampling procedures helps minimize detection risk.
QUESTION 49
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Correct Answer: B
Explanation/Reference:
Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.
QUESTION 50
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Correct Answer: C
Explanation/Reference:
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can identify high-risk areas that might need a detailed review later.
QUESTION 51
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Correct Answer: B
Explanation/Reference:
A bottom-up approach to the development of organizational policies is often driven by risk assessment.
QUESTION 52
Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Correct Answer: A
Explanation/Reference:
Data and systems owners are accountable for maintaining appropriate security measures over information assets.
QUESTION 53
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.
QUESTION 54
What should an IS auditor do if he or she observes that project-approval procedures do not exist?
A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented
Correct Answer: D
Explanation/Reference:
If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.
QUESTION 55
Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Correct Answer: A
Explanation/Reference:
The board of directors is ultimately accountable for the development of an IS security policy.
QUESTION 56
Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
A. True
B. False
Correct Answer: B
Explanation/Reference:
Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.
QUESTION 57
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Correct Answer: D
Explanation/Reference:
Above all else, an IS strategy must support the business objectives of the organization.
QUESTION 58
Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Correct Answer: D
Explanation/Reference:
Batch control reconciliation is a compensatory control for mitigating the risk of inadequate segregation of duties.
QUESTION 59
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Correct Answer: A
Explanation/Reference:
Key verification is one of the best controls for ensuring that data is entered correctly.
QUESTION 60
If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company’s implementation of IT.
Correct Answer: C
Explanation/Reference:
A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.
QUESTION 61
Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
A. Lack of employee awareness of a company’s information security policy
B. Failure to comply with a company’s information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Correct Answer: A
Explanation/Reference:
Lack of employee awareness of a company’s information security policy could lead to an unintentional loss of confidentiality.
QUESTION 62
What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
A. A star network topology
B. A mesh network topology with packet forwarding enabled at each host
C. A bus network topology
D. A ring network topology
Correct Answer: B
Explanation/Reference:
A mesh network topology provides a point-to-point link between every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.
QUESTION 63
An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through systems logs provided by the organization’s security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization’s IT administration
Correct Answer: A
Explanation/Reference:
An IS auditor usually places more reliance on evidence directly collected, such as through personal observation.
QUESTION 64
What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
A. Nonconnection-oriented protocols
B. Connection-oriented protocols
C. Session-oriented protocols
D. Nonsession-oriented protocols
Correct Answer: B
Explanation/Reference:
The transport layer of the TCP/IP protocol suite provides for connection-oriented protocols to ensure reliable communication.
QUESTION 65
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?
A. EDI usually decreases the time necessary for review.
B. EDI usually increases the time necessary for review.
C. Cannot be determined.
D. EDI does not affect the time necessary for review.
Correct Answer: A
Explanation/Reference:
Electronic data interface (EDI) supports intervendor communication while decreasing the time necessary for review because it is usually configured to readily identify errors requiring follow-up.
QUESTION 66
What would an IS auditor expect to find in the console log? Choose the BEST answer.
A. Evidence of password spoofing
B. System errors
C. Evidence of data copy activities
D. Evidence of password sharing
Correct Answer: B
Explanation/Reference:
An IS auditor can expect to find system errors detailed in the console log.
QUESTION 67
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing.
QUESTION 68
Why does the IS auditor often review the system logs?
A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing
Correct Answer: C
Explanation/Reference:
When trying to determine the existence of unauthorized access to data by a user or program, the IS auditor will often review the system logs.
QUESTION 69
What is essential for the IS auditor to obtain a clear understanding of network management?
A. Security administrator access to systems
B. Systems logs of all hosts providing application services
C. A graphical map of the network topology
D. Administrator access to systems
Correct Answer: C
Explanation/Reference:
A graphical interface to the map of the network topology is essential for the IS auditor to obtain a clear understanding of network management.
QUESTION 70
How is risk affected if users have direct access to a database at the system level?
A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases.
B. Risk of unauthorized and untraceable changes to the database increases.
C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases.
D. Risk of unauthorized and untraceable changes to the database decreases.
Correct Answer: B
Explanation/Reference:
If users have direct access to a database at the system level, the risk of unauthorized and untraceable changes to the database increases.
QUESTION 71
What is the most common purpose of a virtual private network implementation?
A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
B. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a dedicated T1 connection.
C. A virtual private network (VPN) helps to secure access within an enterprise when communicating over a dedicated T1 connection between network segments within the same facility.
D. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a wireless connection.
Correct Answer: A
Explanation/Reference:
A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.

Known as the Isaca https://www.pass4itsure.com/CISA.html exam, it is the hottest exam of Microsoft certification. Flydumps has the actual and new version for Isaca CISA exam candidates, which is written to coincide with the real test by experienced IT experts and specialists. The Isaca CISA exam resources cover every field and category in Microsoft certifications, helping to ready you for your success.

Isaca CRISC Exam Dumps Download, Discount Isaca CRISC Exam Are Based On The Real Exam

Flydumps is one of the leading exam preparation material providers. We have a complete range of exams offered by the top vendors of their respective industries. You can download the latest Isaca https://www.pass4itsure.com/CRISC.html free demos as PDF files.

QUESTION 31
Which of the following is true for Cost Performance Index (CPI)?
A. If the CPI > 1, it indicates better than expected performance of project
B. CPI = Earned Value (EV) * Actual Cost (AC)
C. It is used to measure performance of schedule
D. If the CPI = 1, it indicates poor performance of project

Correct Answer: A
QUESTION 32
Which of the following do NOT indirect information?
A. Information about the propriety of cutoff
B. Reports that show orders that were rejected for credit limitations.
C. Reports that provide information about any unusual deviations and individual product margins.
D. The lack of any significant differences between perpetual levels and actual levels of goods.

Correct Answer: A
QUESTION 33
Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process. Which of the following activities best describes a salience model?
A. Describing classes of stakeholders based on their power (ability to impose their will), urgency (need for immediate attention), and legitimacy (their involvement is appropriate).
B. Grouping the stakeholders based on their level of authority (“power”) and their level or concern (“interest”) regarding the project outcomes.
C. Influence/impact grid, grouping the stakeholders based on their active involvement (“influence”) in the project and their ability to affect changes to the project’s planning or execution (“impact”).
D. Grouping the stakeholders based on their level of authority (“power”) and their active involvement (“influence”) in the project.

Correct Answer: A
QUESTION 34
Which of the following is the first MOST step in the risk assessment process?
A. Identification of assets
B. Identification of threats
C. Identification of threat sources
D. Identification of vulnerabilities

Correct Answer: A
QUESTION 35
Which of the following matrices is used to specify risk thresholds?
A. Risk indicator matrix
B. Impact matrix
C. Risk scenario matrix
D. Probability matrix

Correct Answer: A
QUESTION 36
What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.
A. The amount of loss the enterprise wants to accept
B. Alignment with risk-culture
C. Risk-aware decisions
D. The capacity of the enterprise’s objective to absorb loss.

Correct Answer: AD
QUESTION 37
You are the project manager of the GHY Project for your company. You need to complete a project management process that will be on the lookout for new risks, changing risks, and risks that are now outdated. Which project management process is responsible for these actions?
A. Risk planning
B. Risk monitoring and controlling
C. Risk identification
D. Risk analysis

Correct Answer: B
QUESTION 38
You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125,000 and is subjected to an exposure factor of 25 percent. What will be the Single Loss Expectancy of this project?
A. $ 125,025
B. $ 31,250
C. $ 5,000
D. $ 3,125,000

Correct Answer: B
QUESTION 39
Which of the following are the principles of access controls? Each correct answer represents a complete solution. Choose three.
A. Confidentiality
B. Availability
C. Reliability
D. Integrity

Correct Answer: ABD
QUESTION 40
You are the project manager of the GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?
A. Risk reports need to be timely
B. Complex metrics require fine-tuning
C. Threats and vulnerabilities change over time
D. They help to avoid risk

Correct Answer: C
QUESTION 41
Which of the following controls do NOT come under technical class of control?
A. Program management control
B. System and Communications Protection control
C. Identification and Authentication control
D. Access Control

Correct Answer: A
QUESTION 42
Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks. What risk identification method is Mary likely using?
A. Delphi Techniques
B. Expert judgment
C. Brainstorming
D. Checklist analysis

Correct Answer: C
QUESTION 43
Which of the following is an administrative control?
A. Water detection
B. Reasonableness check
C. Data loss prevention program
D. Session timeout

Correct Answer: C
QUESTION 44
You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document are you and your team creating in this scenario?
A. Project plan
B. Resource management plan
C. Project management plan
D. Risk management plan

Correct Answer: D
QUESTION 45
Where are all risks and risk responses documented as the project progresses?
A. Risk management plan
B. Project management plan
C. Risk response plan
D. Risk register

Correct Answer: D

The Flydumps team uses its experience and knowledge to study the examinations of past years and has developed the best training materials for the Isaca CRISC exam. Our Isaca https://www.pass4itsure.com/CRISC.html exam training materials are very popular among customers, and this is the result of the industrious labor of Flydumps’s expert team. The simulation test and the answers from their research are of high quality and have 95% similarity with the true examination questions. FLYDUMPS is well worth relying on. If you use Flydumps’s training tool, you can pass the Isaca CRISC exam on your first attempt.

Isaca CISA Exam, Valid and updated Isaca CISA Demos With Accurate Answers

We are committed to providing you with the latest and most accurate Isaca https://www.pass4itsure.com/CISA.html exam preparation products. If you want to pass the Isaca CISA exam successfully, do not miss reading the latest Isaca CISA material on Flydumps.

QUESTION 26
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop customer-specific documentation
Correct Answer: C
Explanation/Reference:
A global enterprise product reengineering (EPR) software package can be applied to a business to replace, simplify and improve the quality of IS processing. Documentation is intended to help understand how, why and which solutions have been selected and implemented, and therefore must be specific to the project. Documentation is also intended to support quality assurance and must be comprehensive.
QUESTION 27
A hub is a device that connects:
A. two LANs using different protocols.
B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN.
Correct Answer: D
Explanation/Reference:
A hub is a device that connects two segments of a single LAN. A hub is a repeater. It provides transparent connectivity to users on all segments of the same LAN. It is a level 1 device.
Incorrect answers:
A. A bridge operates at level 2 of the OSI layer and is used to connect two LANs using different protocols (e.g., joining an ethernet and token network) to form a logical network.
B. A gateway, which is a level 7 device, is used to connect a LAN to a WAN.
C. A LAN is connected with a MAN using a router, which operates in the network layer.
QUESTION 28
A LAN administrator normally would be restricted from:
A. having end-user responsibilities.
B. reporting to the end-user manager.
C. having programming responsibilities.
D. being responsible for LAN security administration.
Correct Answer: C
Explanation/Reference:
A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator also may be responsible for security administration over the LAN.
QUESTION 29
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator
Correct Answer: B
Explanation/Reference:
A modem is a device that translates data from digital to analog and back to digital.

QUESTION 30
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
Correct Answer: A
Explanation/Reference:
A neural network will monitor and learn patterns, reporting exceptions for investigation.
Incorrect answers:
B. Database management software is a method of storing and retrieving data.
C. Management information systems provide management statistics but do not normally have a monitoring and detection function.
D. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities.
QUESTION 31
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check.
B. table lookup.
C. validity check.
D. parity check.
Correct Answer: D
Explanation/Reference:
A parity check will help to detect data errors when data are read from memory or communicated from one computer to another. A one-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item’s bits is odd or even. When the parity bit disagrees with the sum of the other bits, an error report is generated.
Incorrect answers:
Choices A, B and C are types of data validation and editing controls.

QUESTION 32
For which of the following applications would rapid recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
Correct Answer: A
Explanation/Reference:
A point-of-sale system is a critical online system that, when inoperable, will jeopardize the ability of Company.com to generate revenue and track inventory properly.

QUESTION 33
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
Correct Answer: C
Explanation/Reference:
A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.
QUESTION 34
A malicious code that changes itself with each file it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
Correct Answer: D
Explanation/Reference:
A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
Incorrect answers:
A. A logic bomb is code that is hidden in a program or system which will cause something to happen when the user performs a certain action or when certain conditions are met. A logic bomb, which can be downloaded along with a corrupted shareware or freeware program, may destroy data, violate system security, or erase the hard drive.
B. A stealth virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
C. A trojan horse is a virus program that appears to be useful and harmless but which has harmful side effects such as destroying data or breaking the security of the system on which it is run.
QUESTION 35
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan’s effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Correct Answer: C
Explanation/Reference:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness. It also provides a means to improve the plan in increments.
Incorrect answers:
A. A paper test is a walkthrough of the plan, involving major players in the plan’s execution who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
B. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.
QUESTION 36
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Correct Answer: B
Explanation/Reference:
A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery.
Incorrect answers:
A. A full operational test is conducted after the paper and preparedness test.
C. A paper test is a structured walkthrough of the DRP and should be conducted before a preparedness test.
D. A regression test is not a DRP test and is used in software maintenance.
QUESTION 37
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged.
Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Correct Answer: B
Explanation/Reference:
A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.
Incorrect answers:
A. Relocating the shut off switch would defeat the purpose of having it readily accessible.
C. Escorting the personnel moving the equipment may not have prevented this incident.
D. Logging of environmental failures would provide management with a report of incidents, but reporting alone would not prevent a reoccurrence.
QUESTION 38
Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Correct Answer: B
Explanation/Reference:
A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when. Acceptance is normally managed by the user area, since they must be satisfied that the new system will meet their requirements. If the system is large, a phased-in approach to implementing the application is a reasonable approach. Prototyping is a valid method of ensuring that the system will meet business requirements.
QUESTION 39
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
Correct Answer: A
Explanation/Reference:
An RA is an entity that is responsible for identification and authentication of certificate subjects, but the RA does not sign or issue certificates. The certificate subject usually interacts with the RA to complete the process of subscribing to the services of the certification authority, getting its identity validated with standard identification documents as detailed in the certificate policies of the CA. In the context of a particular certificate, the issuing CA is the CA that issued the certificate. In the context of a particular CA certificate, the subject CA is the CA whose public key is certified in the certificate.
QUESTION 40
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Correct Answer: B
Explanation/Reference:
A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.
Incorrect answers:

A. A hash total is a total of any numeric data field or series of data elements in a data file. This total is checked against a control total of the same field or fields to ensure completeness of processing.
C. Online access controls are designed to prevent unauthorized access to the system and data.
D. Before and after image reporting is a control over data files that makes it possible to trace changes.


Isaca CRISC VCE Exam Q&As, High Pass Rate Isaca CRISC VCE Exams On Our Store


QUESTION 1
Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?
A. In order to avoid risk
B. Complex metrics require fine-tuning
C. Risk reports need to be timely
D. Threats and vulnerabilities change over time

Correct Answer: D
QUESTION 2
You are the project manager of an HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do a few administrative closure activities. In the project, there were several large risks that could have wrecked the project, but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project's monitoring and controlling process?
A. Include the responses in the project management plan.
B. Include the risk responses in the risk management plan.
C. Include the risk responses in the organization’s lessons learned database.
D. Nothing. The risk responses are included in the project’s risk register already.

Correct Answer: C
QUESTION 3
You are the project manager of GHT project. You have identified a risk event on your project that could save $100,000 in project costs if it occurs. Which of the following statements BEST describes this risk event?
A. This risk event should be mitigated to take advantage of the savings.
B. This is a risk event that should be accepted because the rewards outweigh the threat to the project.
C. This risk event should be avoided to take full advantage of the potential savings.
D. This risk event is an opportunity to the project and should be exploited.

Correct Answer: D
QUESTION 4
You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning. What is the best reason for the duplicate risk identification sessions?
A. The iterative meetings allow all stakeholders to participate in the risk identification processes throughout the project phases.
B. The iterative meetings allow the project manager to discuss the risk events which have passed the project and which did not happen.
C. The iterative meetings allow the project manager and the risk identification participants to identify newly discovered risk events throughout the project.
D. The iterative meetings allow the project manager to communicate pending risks events during project execution.
Correct Answer: C
QUESTION 5
You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has ratings for occurrence, severity, and detection of 4, 5, and 6, respectively. What Risk Priority Number (RPN) would you give it?
A. 120
B. 100
C. 15
D. 30

Correct Answer: A
QUESTION 6
Which of the following is the MOST important use of KRIs?
A. Providing a backward-looking view on risk events that have occurred
B. Providing an early warning signal
C. Providing an indication of the enterprise’s risk appetite and tolerance
D. Enabling the documentation and analysis of trends

Correct Answer: B
QUESTION 7
Which of the following role carriers will decide the Key Risk Indicator of the enterprise? Each correct answer represents a part of the solution. Choose two.
A. Business leaders
B. Senior management
C. Human resource
D. Chief financial officer

Correct Answer: AB
QUESTION 8
What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.
A. Determination of cause and effect
B. Determination of the value of business process at risk
C. Potential threats and vulnerabilities that could cause loss
D. Determination of the value of an asset

Correct Answer: BCD
QUESTION 9
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
A. Resource Management Plan
B. Risk Management Plan
C. Stakeholder management strategy
D. Communications Management Plan

Correct Answer: D
QUESTION 10
Which of the following controls is an example of a non-technical control?
A. Access control
B. Physical security
C. Intrusion detection system
D. Encryption

Correct Answer: B
QUESTION 11
You are the project manager of GHT project. Your project team is in the process of identifying project risks on your current project. The team has the option to use all of the following tools and techniques to diagram some of these potential risks EXCEPT for which one?
A. Process flowchart
B. Ishikawa diagram
C. Influence diagram
D. Decision tree diagram

Correct Answer: D
QUESTION 12
Which of the following BEST describes the utility of a risk?
A. The finance incentive behind the risk
B. The potential opportunity of the risk
C. The mechanics of how a risk works
D. The usefulness of the risk to individuals or groups

Correct Answer: D
QUESTION 13
Which of the following aspects of a monitoring tool ensures that the tool has the ability to keep up with the growth of an enterprise?
A. Scalability
B. Customizability
C. Sustainability
D. Impact on performance

Correct Answer: A
QUESTION 14
You are the project manager in your enterprise. You have identified a risk that is a noticeable failure threatening the success of certain goals of your enterprise. At which of the following levels does this identified risk exist?
A. Moderate risk
B. High risk
C. Extremely high risk
D. Low risk

Correct Answer: A
QUESTION 15
Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin grouping identified risks by common causes. What is the primary advantage of grouping risks by common causes during qualitative risk analysis?
A. It helps the project team realize the areas of the project most laden with risks.
B. It assists in developing effective risk responses.
C. It saves time by collecting the related resources, such as project team members, to analyze the risk events.
D. It can lead to the creation of risk categories unique to each project.

Correct Answer: B
QUESTION 16
Which of the following processes is described in the statement below? “It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions.”
A. Risk governance
B. Risk identification
C. Risk response planning
D. Risk communication

Correct Answer: D
QUESTION 17
You are an experienced Project Manager who has been entrusted with a project to develop a machine which produces auto components. You have scheduled meetings with the project team and the key stakeholders to identify the risks for your project. Which of the following is a key output of this process?
A. Risk Register
B. Risk Management Plan
C. Risk Breakdown Structure
D. Risk Categories

Correct Answer: A
QUESTION 18
Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?
A. Timing dimension
B. Events
C. Assets
D. Actors

Correct Answer: D
QUESTION 19
You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls. What should you do before relying on any of the controls?
A. Review performance data
B. Discover risk exposure
C. Conduct pilot testing
D. Articulate risk

Correct Answer: AC
QUESTION 20
Which of the following is NOT true for risk management capability maturity level 1?
A. There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
B. Decisions involving risk lack credible information
C. Risk appetite and tolerance are applied only during episodic risk assessments
D. Risk management skills exist on an ad hoc basis, but are not actively developed

Correct Answer: B
QUESTION 21
An enterprise has identified risk events in a project. While responding to these identified risk events, which of the following stakeholders is MOST important for reviewing risk response options to an IT risk?
A. Information security managers
B. Internal auditors
C. Incident response team members
D. Business managers

Correct Answer: D
QUESTION 22
Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?
A. Sensitivity analysis
B. Scenario analysis
C. Fault tree analysis
D. Cause and effect analysis

Correct Answer: C
QUESTION 23
What is the process for selecting and implementing measures to impact risk called?
A. Risk Treatment
B. Control
C. Risk Assessment
D. Risk Management

Correct Answer: A
QUESTION 24
Which section of the Sarbanes-Oxley Act specifies “Periodic financial reports must be certified by CEO and CFO”?
A. Section 302
B. Section 404
C. Section 203
D. Section 409

Correct Answer: A
QUESTION 25
What is the PRIMARY need for effectively assessing controls?
A. Control’s alignment with operating environment
B. Control’s design effectiveness
C. Control’s objective achievement
D. Control's operating effectiveness
Correct Answer: C
QUESTION 26
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders’ approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
A. Human resource needs
B. Quality control concerns
C. Costs
D. Risks

Correct Answer: D
QUESTION 27
David is the project manager of the HRC Project. He has identified a risk in the project which could cause a delay in the project. David does not want this risk event to happen, so he takes a few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?
A. Avoidance
B. Mitigation
C. Acceptance
D. Transfer

Correct Answer: B
QUESTION 28
Which of the following is the MOST important objective of the information system control?
A. Business objectives are achieved and undesired risk events are detected and corrected
B. Ensuring effective and efficient operations
C. Developing business continuity and disaster recovery plans
D. Safeguarding assets

Correct Answer: A
QUESTION 29
Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?
A. Business Continuity Strategy
B. Index of Disaster-Relevant Information
C. Disaster Invocation Guideline
D. Availability/ ITSCM/ Security Testing Schedule

Correct Answer: A
QUESTION 30
For which of the following risk management capability maturity levels is the statement given below true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management."
A. Level 3
B. Level 0
C. Level 5
D. Level 2
Correct Answer: C


Isaca CISA Practice Test, Provide Latest Isaca CISA Exam Demo With The Knowledge And Skills


QUESTION 1
IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
Correct Answer: D
Explanation/Reference:
4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators.
Incorrect answers:
A, B. Screen/report design facilities are one of the main advantages of 4GLs, and 4GLs have simple programming language subsets.

C. Portability is also one of the main advantages of 4GLs.
QUESTION 2
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
Correct Answer: D
Explanation/Reference:
A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper.

QUESTION 3
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
Correct Answer: A
Explanation/Reference:
A blackbox test is a dynamic analysis tool for testing software modules. During the testing of software modules a blackbox test works first in a cohesive manner as one single unit/entity, consisting of numerous modules, and second, with the user data that flows across software modules. In some cases, this even drives the software behavior.
Incorrect answers:
In choices B, C and D, the software (design or code) remains static and somebody simply closely examines it by applying his/her mind, without actually activating the software. Hence, these cannot be referred to as dynamic analysis tools.

QUESTION 4
Which of the following is MOST likely to result from a business process reengineering (BPR) project?
A. An increased number of people using technology
B. Significant cost savings, through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk
Correct Answer: A
Explanation/Reference:
A BPR project more often leads to an increased number of people using technology, and this would be a cause for concern.
Incorrect answers:

B. As BPR is often technology oriented, and this technology is usually more complex and volatile than in the past, cost savings do not often materialize in this area.
D. There is no reason for IP to conflict with a BPR project, unless the project is not run properly.
QUESTION 5
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway
Correct Answer: B
Explanation/Reference:
A bridge connects two separate networks to form a logical network (e.g., joining an ethernet and token ring network) and has the storage capacity to store frames and act as a storage and forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.
Incorrect answers:

A. Routers are switching devices that operate at the OSI network layer by examining network addresses (i.e., routing information encoded in an IP packet). The router, by examining the IP address, can make intelligent decisions in directing the packet to its destination.
C. Repeaters amplify transmission signals to reach remote devices by taking a signal from a LAN, reconditioning and retiming it, and sending it to another. This functionality is hardware encoded and occurs at the OSI physical layer.
D. Gateways provide access paths to foreign networks.
QUESTION 6
Which of the following is a benefit of using callback devices?
A. Provide an audit trail
B. Can be used in a switchboard environment
C. Permit unlimited user mobility
D. Allow call forwarding
Correct Answer: A
Explanation/Reference:
A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number from an unauthorized phone number, a perpetrator can gain computer access. This vulnerability can be controlled through callback systems that are available.
QUESTION 7
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:
A. dials back to the user machine based on the user id and password using a telephone number from its database.
B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection.
C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database.
D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender’s database.
Correct Answer: A
Explanation/Reference:
A call-back system in a net-centric environment would mean that a user with an id and password calls a remote server through a dial-up line first, and then the server disconnects and dials back to the user machine based on the user id and password using a telephone number from its database. Although the server can depend upon its own database, it cannot know the authenticity of the dialer when the user dials again. The server cannot depend upon the sender's database to dial back, as the same could be manipulated.
QUESTION 8
Structured programming is BEST described as a technique that:
A. provides knowledge of program functions to other programmers via peer reviews.
B. reduces the maintenance time of programs by the use of small-scale program modules.
C. makes the readable coding reflect as closely as possible the dynamic execution of the program.
D. controls the coding and testing of the high-level functions of the program in the development process.
Correct Answer: B
Explanation/Reference:
A characteristic of structured programming is smaller, workable units. Structured programming has evolved because smaller, workable units are easier to maintain. Structured programming is a style of programming which restricts the kinds of control structures. This limitation is not crippling. Any program can be written with allowed control structures. Structured programming is sometimes referred to as go-to-less programming, since a go-to statement is not allowed. This is perhaps the most well known restriction of the style, since go-to statements were common at the time structured programming was becoming more popular. Statement labels also become unnecessary, except in languages where subroutines are identified by labels.

QUESTION 9
Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check
Correct Answer: B
Explanation/Reference:
A check digit is a numeric value that is calculated mathematically and is appended to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors.
Incorrect answers:

A. A range check is checking data that matches a predetermined range of values.
C. A validity check is programmed checking of the data validity in accordance with predetermined criteria.
D. In a duplicate check, new or fresh transactions are matched to those previously entered to ensure that they are not already in the system.
QUESTION 10
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:
A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.
Correct Answer: A
Explanation/Reference:
A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.
Incorrect answers:

B. A warm site is an offsite backup facility that is configured partially with network connections and selected peripheral equipment, such as disk and tape units, controllers and CPUs, to operate an information processing facility.
D. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications.
QUESTION 11
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?
A. Unit testing
B. Integration testing
C. Design walk-throughs
D. Configuration management
Correct Answer: B
Explanation/Reference:
A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight), units are tested by the programmer, and then transferred to the acceptance test area. This often results in system problems that should have been detected during integration or system testing. Integration testing aims at ensuring that the major components of the system interface correctly.
QUESTION 12
In an EDI process, the device which transmits and receives electronic documents is the:
A. communications handler.
B. EDI translator.
C. application interface.
D. EDI interface.
Correct Answer: A
Explanation/Reference:
A communications handler transmits and receives electronic documents between trading partners and/or wide area networks (WANs).
Incorrect answers:

B. An EDI translator translates data between the standard format and a trading partner’s proprietary format.
C. An application interface moves electronic transactions to, or from, the application system and performs data mapping.
D. An EDI interface manipulates and routes data between the application system and the communications handler.
QUESTION 13
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
A. testing stage.
B. evaluation stage.
C. maintenance stage.
D. early stages of planning.
Correct Answer: D
Explanation/Reference:
Company.com in the early stages of a BCP will incur the most significant level of program development effort, which will level out as the BCP moves into the maintenance, testing and evaluation stages. It is during the planning stage that an IS auditor will play an important role in obtaining senior management's commitment to resources and assignment of BCP responsibilities.
QUESTION 14
Which of the following network configuration options contains a direct link between any two host machines?
A. Bus
B. Ring
C. Star
D. Completely connected (mesh)
Correct Answer: D
Explanation/Reference:
A completely connected mesh configuration creates a direct link between any two host machines.
Incorrect answers:

A. A bus configuration links all stations along one transmission line.
B. A ring configuration forms a circle, and all stations are attached to a point on the transmission circle.
C. In a star configuration each station is linked directly to a main hub.
QUESTION 15
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Correct Answer: C
Explanation/Reference:
A completeness check is used to determine if a field contains data and not zeros or blanks.
Incorrect answers:

A. A check digit is a digit calculated mathematically to ensure original data was not altered.
B. An existence check also checks entered data for agreement to predetermined criteria.
D. A reasonableness check matches input to predetermined reasonable limits or occurrence rates.
QUESTION 16
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
Correct Answer: B
Explanation/Reference:
A compliance test determines if controls are operating as designed and are being applied in a manner that complies with management policies and procedures. For example, if the IS auditor is concerned whether program library controls are working properly, the IS auditor might select a sample of programs to determine if the source and object versions are the same. In other words, the broad objective of any compliance test is to provide auditors with reasonable assurance that a particular control on which the auditor plans to rely is operating as the auditor perceived it in the preliminary evaluation.
QUESTION 17
A data administrator is responsible for:
A. maintaining database system software.
B. defining data elements, data names and their relationship.
C. developing physical database structures.
D. developing data dictionary system software.
Correct Answer: B
Explanation/Reference:
A data administrator is responsible for defining data elements, data names and their relationship. Choices A, C and D are functions of a database administrator (DBA).

QUESTION 18
A database administrator is responsible for:
A. defining data ownership.
B. establishing operational standards for the data dictionary.
C. creating the logical and physical database.
D. establishing ground rules for ensuring data integrity and security.
Correct Answer: C
Explanation/Reference:
A database administrator is responsible for creating and controlling the logical and physical database. Defining data ownership resides with the head of the user department or top management if the data is common to the organization. IS management and the data administrator are responsible for establishing operational standards for the data dictionary. Establishing ground rules for ensuring data integrity and security in line with the corporate security policy is a function of the security administrator.
QUESTION 19
An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:
A. defining the conceptual schema.
B. defining security and integrity checks.
C. liaising with users in developing data model.
D. mapping the data model to the internal schema.
Correct Answer: D
Explanation/Reference:
A DBA only in rare instances should be mapping data elements from the data model to the internal schema (physical data storage definitions). To do so would eliminate data independence for application systems. Mapping of the data model occurs with the conceptual schema, since the conceptual schema represents the enterprise-wide view of data within an organization and is the basis for deriving an end-user department data model.
QUESTION 20
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
A. the entire message and thereafter enciphering the message digest using the sender’s private key.
B. any arbitrary part of the message and thereafter enciphering the message digest using the sender’s private key.
C. the entire message and thereafter enciphering the message using the sender’s private key.
D. the entire message and thereafter enciphering the message along with the message digest using the sender’s private key.
Correct Answer: A
Explanation/Reference:
Explanation: A digital signature is a cryptographic method that ensures data integrity, authentication of the message, and non-repudiation. To provide these, the sender first creates a message digest by applying a cryptographic hashing algorithm to the entire message and then enciphers the message digest using the sender's private key. The digest is computed over the entire message, not over any arbitrary part of it. After creating the message digest, only the message digest is enciphered using the sender's private key, not the message itself.
QUESTION 21
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:
A. digest signature.
B. electronic signature.
C. digital signature.
D. hash signature.
Correct Answer: C
Explanation/Reference:
Explanation: A digital signature, created with the sender's private cryptographic key, authenticates a transmission from that sender. It is a string of bits that uniquely represents another string of bits, the digital document. An electronic signature refers to the string of bits that digitally represents a handwritten signature captured by a computer system when a person applies it to an electronic pen pad connected to the system.
QUESTION 22
A critical function of a firewall is to act as a:
A. special router that connects the Internet to a LAN.
B. device for preventing unauthorized users from accessing the LAN.
C. server used to connect authorized users to private trusted network resources.
D. proxy server to increase the speed of access to authorized users.
Correct Answer: B
Explanation/Reference:
Explanation: A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users of other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control the outside resources to which its own users have access. Basically, a firewall, working closely with a router program, filters all network packets to determine whether or not to forward them toward their destination. A firewall includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can be directed straight to private network resources.
QUESTION 23
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?
A. Spool
B. Cluster controller
C. Protocol converter
D. Front end processor
Correct Answer: D
Explanation/Reference:
Explanation:
A front-end processor is a hardware device that connects all communication lines to a central computer, relieving the central computer of network control, format conversion and message handling tasks.
QUESTION 24
The use of a GANTT chart can:
A. aid in scheduling project tasks.
B. determine project checkpoints.
C. ensure documentation standards.
D. direct the post-implementation review.
Correct Answer: A
Explanation/Reference:
Explanation:
A GANTT chart is used in project control. It may aid in the identification of needed checkpoints, but its primary use is in scheduling. It will not ensure the completion of documentation, nor will it provide direction for the post-implementation review.

QUESTION 25
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor
Correct Answer: A
Explanation/Reference:
Explanation:
A gateway performs the job of translating e-mail formats from one network to another so messages can make their way through all the networks.
Incorrect answers:
B. A protocol converter is a hardware device that converts between two different types of transmissions, such as asynchronous and synchronous transmissions.
C. A front-end communication processor connects all network communication lines to a central computer to relieve the central computer from performing network control, format conversion and message handling tasks.
D. A concentrator/multiplexor is a device used for combining several lower-speed channels into a higher-speed channel.
