CertBus 2021 Valid Isaca CISA CISA Certification Exam VCE and PDF Dumps for Free Download!
☆ CISA CISA Certification Exam PDF and VCE Dumps : 3107QAs Instant Download: https://www.certbus.com/cisa.html [100% CISA Exam Pass Guaranteed or Money Refund!!]
☆ Free view online pdf on CertBus free test CISA PDF: https://www.certbus.com/online-pdf/cisa.pdf
☆ CertBus 2021 Valid CISA CISA Certification exam Question PDF Free Download from Google Drive Share: https://drive.google.com/file/d/0B_3QX8HGRR1mcnNia0RWWVpaVkE/view?usp=sharing
Following CISA 3107QAs are all new published by Isaca Official Exam Center
How to pass Newest CISA vce exam easily with less time? CertBus provides the most valid Latest CISA pdf dumps exam preparation material to boost your success rate in Isaca CISA Certification Feb 27,2021 Hotest CISA QAs Certified Information Systems Auditor exam. If you are one of the successful candidates with CertBus Hotest CISA QAs PDF and VCEs, do not hesitate to share your reviews on our Isaca CISA Certification materials.
reliable CISA certification exams preparation – latest braindumps at CertBus. CertBus exam guide: pass the CISA exam on your first attempt! CertBus – latest update source for all CISA certification exams. CertBus provides you the easiest way to pass your CISA certification exam. pass CISA certification exam with CertBus braindumps!
We CertBus has our own expert team. They selected and published the latest CISA preparation materials from Isaca Official Exam-Center: https://www.certbus.com/cisa.html
. If an IS auditor observes that individual modules of a system perform correctly in
development project tests, the auditor should inform management of the positive results
and recommend further:
A. Documentation development
B. Comprehensive integration testing
C. Full unit testing
D. Full regression testing
Correct Answer: B
If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further comprehensive integration testing.
While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items.
B. definite assurance that material items will be covered during the audit work.
C. reasonable assurance that all items will be covered by the audit.
D. sufficient assurance that all items will be covered during the audit work.
Correct Answer: A
Explanation: The ISACA IS Auditing Guideline G15 on planning the IS audit states, \’An assessment of risk should be made to provide reasonable assurance that material items will be adequately covered during the audit work. This assessment should identify areas with a relatively high risk of the existence of material problems.\’ Definite assurance that material items will be covered during the audit work is an impractical proposition. Reasonable assurance that all items will be covered during the audit work is not the correct answer, as material items need to be covered, not all items.
An IS auditor performing a review of an application\’s controls would evaluate the:
A. efficiency of the application in meeting the business processes.
B. impact of any exposures discovered.
C. business processes served by the application.
D. application\’s optimization.
Correct Answer: B
Explanation: An application control review involves the evaluation of the application\’s automated
controls and an assessment of any exposures resulting from the control weaknesses. The
other choices may be objectives of an application audit but are not part of anaudit restricted to a review of controls.
The ultimate purpose of IT governance is to:
A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.
Correct Answer: A
Explanation: IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?
A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development
Correct Answer: B
Explanation: A PERT chart will help determine project duration once all the activities and the work involved with those activities are known. Function point analysis is a technique for determining the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries, logical internal files, etc. While this will help determine the size of individual activities, it will not assist in determining project duration since there are many overlapping tasks. Rapid application development is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality, while object-oriented system development is the process of solution specification and modeling.
During the system testing phase of an application development project the IS auditor should review the:
A. conceptual design specifications.
B. vendor contract.
C. error reports.
D. program change requests.
Correct Answer: C
Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data and review the procedures for resolving errors. Aconceptual design specification is a document prepared during the requirements definition phase. A vendor contract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the postimplementation phase.
An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A. correlation of semantic characteristics of the data migrated between the two systems.
B. correlation of arithmetic characteristics of the data migrated between the two systems.
C. correlation of functional characteristics of the processes between the two systems.
D. relative efficiency of the processes between the two systems.
Correct Answer: A
Due to the fact that the two systems could have a different data representation, including the database schema, the IS auditor\’s main concern should be to verify that the interpretation of the data is the same in the new as it was in the old system. Arithmetic characteristics represent aspects of data structure and internal definition in the database, and therefore are less important than the semantic characteristics. A review of the correlation of the functional characteristics or a review of the relative efficiencies of the processes between the two systems is not relevant to a data migration review.
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
A. a firewall exists.
B. a secure web connection is used.
C. the source of the executable file is certain.
D. the host web site is part of the organization.
Correct Answer: C
Acceptance of these mechanisms should be based on established trust. The control is provided by only knowing the source and then allowing the acceptance of the applets. Hostile applets can be received from anywhere. It is virtually impossible at thistime to filter at this level. A secure web connection or firewall is considered an external defense. A firewall will find it more difficult to filter a specific file from a trusted source. A secure web connection provides confidentiality. Neither asecure web connection nor a firewall can identify an executable file as friendly. Hosting the web site as part of the organization is impractical. Enabling the acceptance of Java applets and/or Active X controls is an allor-nothing proposition. Theclient will accept the program if the parameters are established to do so.
Reverse proxy technology for web servers should be deployed if:
A. http servers\’ addresses must be hidden.
B. accelerated access to all published pages is required.
C. caching is needed for fault tolerance.
D. bandwidth to the user is limited.
Correct Answer: A
Reverse proxies are primarily designed to hide physical and logical internal structures from outside access. Complete URLs or URIs can be partially or completely redirected without disclosing which internal or DMZ server is providing the requested datA. This technology might be used if a trade-off between security, performance and costs has to be achieved. Proxy servers cache some data but normally cannot cache all pages to be published because this depends on the kind of information the web servers provide. The ability to accelerate access depends on the speed of the back-end servers, i.e., those that are cached. Thus, without making further assumptions, a gain in speed cannot be assured, but visualization and hiding of internal structures can. If speed is an issue, a scale-out approach (avoiding adding additional delays by passing firewalls, involving more servers, etc.) would be a better solution. Due to the limited caching option, reverse proxies are not suitable for enhancing fault tolerance. User requests that are handled by reverse proxy servers are using exactly the same bandwidth as direct requests to the hosts providing the data.
In an online banking application, which of the following would BEST protect against identity theft?
A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs
Correct Answer: C
Two-factor authentication requires two independent methods for establishing identity and privileges. Factors include something you know, such as a password; something you have, such as a token; and something you are, which is biometric. Requiring twoof these factors makes identity theft more difficult. A password could be guessed or broken. Restricting the user to a specific terminal is not a practical alternative for an online application. Periodic review of access logs is a detective controland does not protect against identity theft.
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the CISA exam successfully with our Isaca materials. CertBus Certified Information Systems Auditor exam PDF and VCE are the latest and most accurate. We have the best Isaca in our team to make sure CertBus Certified Information Systems Auditor exam questions and answers are the most valid. CertBus exam Certified Information Systems Auditor exam dumps will help you to be the Isaca specialist, clear your CISA exam and get the final success.
CISA Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mcnNia0RWWVpaVkE/view?usp=sharing
CISA Isaca exam dumps (100% Pass Guaranteed) from CertBus: https://www.certbus.com/cisa.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.