REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 

Napoleon

Antonio

 
 

 

Braindumps of CISA
Isaca CISA

Exam Questions, Answers, Braindumps (CISA)

All the questions were from www.4exam.com study material. I got 90 % marks. That’s sufficient for me. I am satisfied with it. I hereby submit some questions.

Question No 1
IS management has decided to rewrite a legacy customer relations system using fourth- generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
Answer: D
Explanation:
4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators.
Incorrect answers:
A,B. Screen/report design facilities are one of the main advantages of
4GLs, and 4GLs have simple programming language subsets.
C. Portability is also one of the main advantages of 4GLs.
Question No 2
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
Answer: A
Explanation:
A neural network will monitor and learn patterns, reporting exceptions for investigation.
Incorrect answers:
B. Database management software is a method of storing and retrieving data.
C. Management information systems provide management statistics but do not normally have a monitoring and detection function.
D. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities.
Question No 3
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check.
B. table lookup.
C. validity check.
D. parity check.
Answer: D
Explanation:
A parity check will help to detect data errors when data are read from memory or communicated from one computer to another. A one-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is odd or even. When the parity bit disagrees with the sum of the other bits, an error report is generated.
Incorrect answers:
Choices A, B and C are types of data validation and editing controls.
Question No 4
For which of the following applications would rapid recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
Answer: A
Explanation:
A point-of-sale system is a critical online system that when inoperable will jeopardize the ability of Abc .com to generate revenue and track inventory properly.
Question No 5
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
Answer: C
Explanation:
A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.
Question No 6
A malicious code that changes itself with each file it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
Answer: D
Explanation:
A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
Incorrect answers:
A. A logic bomb is code that is hidden in a program or system which will cause something to happen when the user performs a certain action or when certain conditions are met. A logic bomb, which can be downloaded along with a corrupted shareware or freeware program, may destroy data, violate system security, or erase the hard drive.
B. A stealth virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
C. A trojan horse is a virus program that appears to be useful and harmless but which has harmful side effects such as destroying data or breaking the security of the system on which it is run.
Question No 7
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Answer: C
Explanation:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments.
Incorrect answers:
A. A paper test is a walkthrough of the plan, involving major players in the plan's execution who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
B. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third- party systems.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.
Question No 8
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Answer: B
Explanation:
A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery.
Incorrect answers:
A. A full operational test is conducted after the paper and preparedness test.
C. A paper test is a structured walkthrough of the DRP and should be conducted before a preparedness test.
D. A regression test is not a DRP test and is used in software maintenance.
Question No 9
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Answer: B
Explanation:
A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.
Incorrect Answers:
A. Relocating the shut off switch would defeat the purpose of having it readily accessible.
C. Escorting the personnel moving the equipment may not have prevented this incident.
D. Logging of environmental failures would provide management with a report of incidents, but reporting alone would not prevent a reoccurrence.
Question No 10
Abc .com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Answer: B
Explanation:
A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when. Acceptance is normally managed by the user area, since they must be satisfied that the new system will meet their requirements. If the system is large, a phased-in approach to implementing the application is a reasonable approach. Prototyping is a valid method of ensuring that the system will meet business requirements.

CISA


 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend