Isaca CISA Exam Prep, Prompt Updates Isaca CISA Exam Is Your Best Choice

There is no need to hassle if you are stuck on the Isaca CISA exam difficulties; Flydumps will assist you right through with exam-specific preparation material. Flydumps delivers the most comprehensive preparation material, covering each and every aspect of the Isaca https://www.pass4itsure.com/CISA.html exam curriculum.

QUESTION 41
A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:
A. reasonableness check.
B. parity check.
C. redundancy check.
D. check digits.
Correct Answer: C
Explanation/Reference:
A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data.
Incorrect answers:
A. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data.
B. A parity check is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission.
D. Check digits detect transposition and transcription errors.
QUESTION 42
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Correct Answer: A
Explanation/Reference:
Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.
QUESTION 43
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.
QUESTION 44
As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
Correct Answer: C
Explanation/Reference:
Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization’s IT process than evidence directly collected.
QUESTION 45
What is the PRIMARY purpose of audit trails?
A. To document auditing efforts
B. To correct data integrity errors
C. To establish accountability and responsibility for processed transactions
D. To prevent unauthorized access to data
Correct Answer: C
Explanation/Reference:
The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.
QUESTION 46
How does the process of systems auditing benefit from using a risk-based approach to audit planning?
A. Controls testing starts earlier.
B. Auditing resources are allocated to the areas of highest concern.
C. Auditing risk is reduced.
D. Controls testing is more thorough.
Correct Answer: B
Explanation/Reference:
Allocation of auditing resources to the areas of highest concern is a benefit of a risk-based approach to audit planning.
QUESTION 47
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Correct Answer: A
Explanation/Reference:
After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.
QUESTION 48
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Correct Answer: A
Explanation/Reference:
The use of statistical sampling procedures helps minimize detection risk.
QUESTION 49
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Correct Answer: B
Explanation/Reference:
Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.
QUESTION 50
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Correct Answer: C
Explanation/Reference:
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can identify high-risk areas that might need a detailed review later.
QUESTION 51
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Correct Answer: B
Explanation/Reference:
A bottom-up approach to the development of organizational policies is often driven by risk assessment.
QUESTION 52
Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Correct Answer: A
Explanation/Reference:
Data and systems owners are accountable for maintaining appropriate security measures over information assets.
QUESTION 53
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.
QUESTION 54
What should an IS auditor do if he or she observes that project-approval procedures do not exist?
A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented
Correct Answer: D
Explanation/Reference:
If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.
QUESTION 55
Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Correct Answer: A
Explanation/Reference:
The board of directors is ultimately accountable for the development of an IS security policy.
QUESTION 56
Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
A. True
B. False
Correct Answer: B
Explanation/Reference:
Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.
QUESTION 57
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Correct Answer: D
Explanation/Reference:
Above all else, an IS strategy must support the business objectives of the organization.
QUESTION 58
Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Correct Answer: D
Explanation/Reference:
Batch control reconciliation is a compensatory control for mitigating risk of inadequate segregation of duties.
QUESTION 59
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Correct Answer: A
Explanation/Reference:
Key verification is one of the best controls for ensuring that data is entered correctly.
QUESTION 60
If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company’s implementation of IT.
Correct Answer: C
Explanation/Reference:
A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.
QUESTION 61
Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
A. Lack of employee awareness of a company’s information security policy
B. Failure to comply with a company’s information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Correct Answer: A
Explanation/Reference:
Lack of employee awareness of a company’s information security policy could lead to an unintentional loss of confidentiality.
QUESTION 62
What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
A. A star network topology
B. A mesh network topology with packet forwarding enabled at each host
C. A bus network topology
D. A ring network topology
Correct Answer: B
Explanation/Reference:
A mesh network topology provides a point-to-point link between every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.
QUESTION 63
An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through systems logs provided by the organization’s security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization’s IT administration
Correct Answer: A
Explanation/Reference:
An IS auditor usually places more reliance on evidence directly collected, such as through personal observation.
QUESTION 64
What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
A. Nonconnection-oriented protocols
B. Connection-oriented protocols
C. Session-oriented protocols
D. Nonsession-oriented protocols
Correct Answer: B
Explanation/Reference:
The transport layer of the TCP/IP protocol suite provides for connection-oriented protocols to ensure reliable communication.
QUESTION 65
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?
A. EDI usually decreases the time necessary for review.
B. EDI usually increases the time necessary for review.
C. Cannot be determined.
D. EDI does not affect the time necessary for review.
Correct Answer: A
Explanation/Reference:
Electronic data interface (EDI) supports intervendor communication while decreasing the time necessary for review because it is usually configured to readily identify errors requiring follow-up.
QUESTION 66
What would an IS auditor expect to find in the console log? Choose the BEST answer.
A. Evidence of password spoofing
B. System errors
C. Evidence of data copy activities
D. Evidence of password sharing
Correct Answer: B
Explanation/Reference:
An IS auditor can expect to find system errors to be detailed in the console log.
QUESTION 67
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
Correct Answer: A
Explanation/Reference:
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing.
QUESTION 68
Why does the IS auditor often review the system logs?
A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing
Correct Answer: C
Explanation/Reference:
When trying to determine the existence of unauthorized access to data by a user or program, the IS auditor will often review the system logs.
QUESTION 69
What is essential for the IS auditor to obtain a clear understanding of network management?
A. Security administrator access to systems
B. Systems logs of all hosts providing application services
C. A graphical map of the network topology
D. Administrator access to systems
Correct Answer: C
Explanation/Reference:
A graphical interface to the map of the network topology is essential for the IS auditor to obtain a clear understanding of network management.
QUESTION 70
How is risk affected if users have direct access to a database at the system level?
A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases.
B. Risk of unauthorized and untraceable changes to the database increases.
C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases.
D. Risk of unauthorized and untraceable changes to the database decreases.
Correct Answer: B
Explanation/Reference:
If users have direct access to a database at the system level, risk of unauthorized and untraceable changes to the database increases.
QUESTION 71
What is the most common purpose of a virtual private network implementation?
A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
B. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a dedicated T1 connection.
C. A virtual private network (VPN) helps to secure access within an enterprise when communicating over a dedicated T1 connection between network segments within the same facility.
D. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a wireless connection.
Correct Answer: A
Explanation/Reference:
A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
