Jul 2016 updated: Actualtests Isaca CISA pdf exam 281-290

2016 Jul CISA Study Guide Questions:

Q281. – (Topic 1) 

An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?

A. True 

B. False 

Answer: B 

Explanation: An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.

Q282. – (Topic 1) 

Whenever an application is modified, what should be tested to determine the full impact of the change? Choose the BEST answer. 

A. Interface systems with other applications or systems 

B. The entire program, including any interface systems with other applications or systems 

C. All programs, including interface systems with other applications or systems 

D. Mission-critical functions and any interface systems with other applications or systems 

Answer: B 

Explanation: Whenever an application is modified, the entire program, including any interface systems with other applications or systems, should be tested to determine the full impact of the change. 

Q283. – (Topic 3) 

Which of the following is a mechanism for mitigating risks? 

A. Security and control practices 

B. Property and liability insurance 

C. Audit and certification 

D. Contracts and service level agreements (SLAs) 

Answer: A 

Explanation: 

Risks are mitigated by implementing appropriate security and control practices. Insurance is a mechanism for transferring risk. Audit and certification are mechanisms of risk assurance, while contracts and SLAs are mechanisms of risk allocation. 

Q284. – (Topic 1) 

______________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a ______________ risk assessment is more appropriate. Fill in the blanks. 

A. Quantitative; qualitative 

B. Qualitative; quantitative 

C. Residual; subjective 

D. Quantitative; subjective 

Answer: A 

Explanation: Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is more appropriate. 

Q285. – (Topic 1) 

Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false? 

A. True 

B. False 

Answer: A 

Explanation: Proper segregation of duties does not prohibit a quality-control administrator from also being responsible for change control and problem management. 

Q286. – (Topic 1) 

A hub is a device that connects: 

A. two LANs using different protocols. 

B. a LAN with a WAN. 

C. a LAN with a metropolitan area network (MAN). 

D. two segments of a single LAN. 

Answer: D 

Explanation: 

A hub is a device that connects two segments of a single LAN. A hub is a repeater. It provides transparent connectivity to users on all segments of the same LAN. It is a level 1 device. 

Q287. – (Topic 2) 

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

A. controls needed to mitigate risks are in place. 

B. vulnerabilities and threats are identified. 

C. audit risks are considered. 

D. a gap analysis is appropriate. 

Answer: B 

Explanation: 

In developing a risk-based audit strategy, it is critical that the risks and vulnerabilities be understood. This will determine the areas to be audited and the extent of coverage. Understanding whether appropriate controls required to mitigate risks are in place is a resultant effect of an audit. Audit risks are inherent aspects of auditing, are directly related to the audit process and are not relevant to the risk analysis of the environment to be audited. A gap analysis would normally be done to compare the actual state to an expected or desirable state.

Q288. – (Topic 2) 

Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation? 

A. Reviewing a report of security rights in the system 

B. Reviewing the complexities of authorization objects 

C. Building a program to identify conflicts in authorization 

D. Examining recent access rights violation cases 

Answer: C 

Explanation: 

Since the objective is to identify violations in segregation of duties, it is necessary to define the logic that will identify conflicts in authorization. A program could be developed to identify these conflicts. A report of security rights in the enterprise resource planning (ERP) system would be voluminous and time consuming to review; therefore, this technique is not as effective as building a program. As complexities increase, it becomes more difficult to verify the effectiveness of the systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review recent access rights violation cases; however, it may require a significant amount of time to truly identify which violations actually resulted from an inappropriate segregation of duties.

Q289. – (Topic 1) 

Which of the following is a good control for protecting confidential data residing on a PC? 

A. Personal firewall 

B. File encapsulation 

C. File encryption 

D. Host-based intrusion detection 

Answer: C 

Explanation: File encryption is a good control for protecting confidential data residing on a PC. 

Q290. – (Topic 2) 

Which of the following is the PRIMARY advantage of using computer forensic software for investigations? 

A. The preservation of the chain of custody for electronic evidence 

B. Time and cost savings 

C. Efficiency and effectiveness 

D. Ability to search for violations of intellectual property rights 

Answer: A 

Explanation: 

The primary objective of forensic software is to preserve electronic evidence to meet the rules of evidence. Choice B, time and cost savings, and choice C, efficiency and effectiveness, are legitimate concerns that differentiate good from poor forensic software packages. Choice D, the ability to search for intellectual property rights violations, is an example of a use of forensic software. 
