Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop customer-specific documentation
Correct Answer: C
Explanation: A global enterprise product reengineering (EPR) software package can be applied to a business to replace, simplify and improve the quality of IS processing. Documentation is intended to help understand how, why and which solutions that have been selected and implemented, and therefore must be specific to the project. Documentation is also intended to support quality assurance and must be comprehensive.
A hub is a device that connects:
A. two LANs using different protocols.
B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN.
Correct Answer: D
A hub is a device that connects two segments of a single LAN. A hub is a repeater. It provides transparent connectivity to users on all segments of the same LAN. It is a level 1
A. A bridge operates at level 2 of the OSI model and is used to connect two LANs using different protocols (e.g., joining an Ethernet network and a token ring network) to form one logical network.
B. A gateway, which is a level 7 device, is used to connect a LAN to a WAN.
C. A LAN is connected with a MAN using a router, which operates in the network layer.
A LAN administrator normally would be restricted from:
A. having end-user responsibilities.
B. reporting to the end-user manager.
C. having programming responsibilities.
D. being responsible for LAN security administration.
Correct Answer: C
Explanation: A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator also may be responsible for security administration over the LAN.
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
C. Protocol converter
D. Concentrator
Correct Answer: B
A modem is a device that translates data from digital to analog and back to digital.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer-assisted audit techniques
Correct Answer: A
A neural network will monitor and learn patterns, reporting exceptions for investigation.
B. Database management software is a method of storing and retrieving data.
C. Management information systems provide management statistics but do not normally have a monitoring and detection function.
D. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities.
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check.
B. table lookup.
C. validity check.
D. parity check.
Correct Answer: D
A parity check will help to detect data errors when data are read from memory or communicated from one computer to another. A one-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, an error report is generated.
Choices A, B and C are types of data validation and editing controls.
For which of the following applications would rapid recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
Correct Answer: A
A point-of-sale system is a critical online system that, when inoperable, will jeopardize the ability of Company.com to generate revenue and track inventory properly.
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
Correct Answer: C
A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.
A malicious code that changes itself with each file it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
Correct Answer: D
A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
A. A logic bomb is code that is hidden in a program or system which will cause something to happen when the user performs a certain action or when certain conditions are met. A logic bomb, which can be downloaded along with a corrupted shareware or freeware program, may destroy data, violate system security, or erase the hard drive.
B. A stealth virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
C. A trojan horse is a virus program that appears to be useful and harmless but which has harmful side effects such as destroying data or breaking the security of the system on which it is run.
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan’s effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Correct Answer: C
Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness. It also provides a means to improve the plan in increments. Incorrect answers:
A. A paper test is a walkthrough of the plan, involving major players in the plan’s execution who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
B. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third- party systems.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Correct Answer: B
A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery.
A. A full operational test is conducted after the paper and preparedness test.
C. A paper test is a structured walkthrough of the DRP and should be conducted before a preparedness test.
D. A regression test is not a DRP test and is used in software maintenance.
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged.
Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shutoff switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Correct Answer: B
A protective cover over the switch would allow it to remain accessible and visible, but would prevent accidental activation.
A. Relocating the shutoff switch would defeat the purpose of having it readily accessible.
C. Escorting the personnel moving the equipment may not have prevented this incident.
D. Logging of environmental failures would provide management with a report of incidents, but reporting alone would not prevent a reoccurrence.
Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Correct Answer: B
Explanation: A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when. Acceptance is normally managed by the user area, since they must be satisfied that the new system will meet their requirements. If the system is large, a phased-in approach to implementing the application is a reasonable approach. Prototyping is a valid method of ensuring that the system will meet business requirements.
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
Correct Answer: A
Explanation: A RA is an entity that is responsible for identification and authentication of certificate subjects, but the RA does not sign or issue certificates. The certificate subject usually interacts with the RA for completing the process of subscribing to the services of the certification authority in terms of getting identity validated with standard identification documents, as detailed in the certificate policies of the CA. In the context of a particular certificate, the issuing CA is the CA that issued the certificate. In the context of a particular CA certificate, the subject CA is the CA whose public key is certified in the certificate.
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Correct Answer: B
A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.
A. A hash total is a total of any numeric data field or series of data elements in a data file. This total is checked against a control total of the same field or fields to ensure completeness of processing.
C. Online access controls are designed to prevent unauthorized access to the system and
D. Before and after image reporting is a control over data files that makes it possible to trace changes.