Use ISACA CISA Dumps To Succeed Instantly in CISA Exam [Q86-Q103]


Ultimate Guide to CISA Dumps - Enhance Your Future Career Now


To become a CISA certified professional, candidates must pass the CISA exam. The CISA exam is a rigorous four-hour exam that consists of 150 multiple-choice questions. It is designed to test the candidate's knowledge and understanding of IT audit processes, principles, and practices. The exam covers five domains: auditing information systems; governance and management of IT; information systems acquisition, development and implementation; information systems operations, maintenance and service management; and protection of information assets.


Format of the ISACA CISA certification exam:

The CISA certification program covers the following functional areas:

  • Financial Information Systems
  • Standard Business Environment and Concepts
  • Apply business processes to technology strategy, design, development, management, administration, and operations.
  • Enterprise Risk Management

 

NEW QUESTION # 86
Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

  • A. Rotating backup copies of transaction files off site
  • B. Ensuring bisynchronous capabilities on all transmission lines
  • C. Using a database management system (DBMS) to dynamically back-out partially processed transactions
  • D. Maintaining system console logs in electronic format

Answer: B


NEW QUESTION # 87
Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

  • A. Project portfolio database
  • B. Program organization
  • C. Project database
  • D. Policy documents

Answer: A

Explanation:
A project portfolio database is the basis for project portfolio management. It includes project data, such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports. A project database may contain the above for one specific project and updates to various parameters pertaining to the current status of that single project. Policy documents on project management set direction for the design, development, implementation and monitoring of the project.
Program organization is the team required (steering committee, quality assurance, systems personnel, analyst, programmer, hardware support, etc.) to meet the delivery objective of the project.


NEW QUESTION # 88
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?

  • A. Several vendor deliverables missed the commitment date
  • B. The contract does not contain a right-to-audit clause
  • C. Software escrow was not negotiated
  • D. An operational level agreement (OLA) was not negotiated

Answer: C


NEW QUESTION # 89
When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

  • A. do not allow any emergency changes.
  • B. allow programmers permanent access to production programs.
  • C. allow changes, which will be completed using after-the-fact follow-up.
  • D. allow undocumented changes directly to the production library.

Answer: C

Explanation:
Section: Protection of Information Assets
There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted.
Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs.


NEW QUESTION # 90
Which of the following is a detective control?

  • A. Verification of hash totals
  • B. Use of pass cards to gain access to physical facilities
  • C. Programmed edit checks for data entry
  • D. Backup procedures

Answer: C


NEW QUESTION # 91
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:

  • A. compute the amortization of the related assets.
  • B. spend the time needed to define exactly the loss amount.
  • C. calculate a return on investment (ROI).
  • D. apply a qualitative approach.

Answer: D

Explanation:
The common practice, when it is difficult to calculate the financial losses, is to take a qualitative approach, in which the manager affected by the risk defines the financial loss in terms of a weighted factor (e.g., one is a very low impact to the business and five is a very high impact). An ROI is computed when there are predictable savings or revenues that can be compared to the investment needed to realize the revenues. Amortization is used in a profit and loss statement, not in computing potential losses. Spending the time needed to define exactly the total amount is normally the wrong approach. If it has been difficult to estimate potential losses (e.g., losses derived from erosion of public image due to a hack attack), that situation is not likely to change, and at the end of the day the result will be a poorly supported evaluation.


NEW QUESTION # 92
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

  • A. Preparedness test
  • B. Post test
  • C. Walkthrough
  • D. Paper test

Answer: A

Explanation:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. A paper test is a walkthrough of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems. A walkthrough is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.


NEW QUESTION # 93
Which of the following ACID properties ensures that a transaction will bring the database from one valid state to another?

  • A. Durability
  • B. Consistency
  • C. Atomicity
  • D. Isolation

Answer: B

Explanation:
Section: Information System Acquisition, Development and Implementation
Consistency - The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors do not violate any defined rules.
For the CISA exam you should know the following about ACID properties in a DBMS:
Atomicity - Atomicity requires that each transaction is "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged. An atomic system must guarantee atomicity in each and every situation, including power failures, errors, and crashes. To the outside world, a committed transaction appears (by its effects on the database) to be indivisible ("atomic"), and an aborted transaction does not happen.
Consistency - The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors do not violate any defined rules.
Isolation - The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. Providing isolation is the main goal of concurrency control. Depending on the concurrency control method, the effects of an incomplete transaction might not even be visible to another transaction.
Durability - Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors. In a relational database, for instance, once a group of SQL statements executes, the results need to be stored permanently (even if the database crashes immediately thereafter). To defend against power loss, transactions (or their effects) must be recorded in non-volatile memory.
The following were incorrect answers:
Atomicity - Atomicity requires that each transaction is "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged.
Isolation - The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other.
Durability - Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors.
The following reference was used to create this question:
CISA review manual 2014 Page number 218
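The atomicity and consistency properties described above can be seen directly in a small ledger. The following is an added example written for this page, not code from ISACA or the review manual; it uses Python's standard `sqlite3` module on a constructed in-memory table with a CHECK constraint (the "defined rule") and a two-step transfer. A transfer that would violate the rule, or that touches an account which does not exist after the debit has already been applied, is rolled back in full, so the database never moves to an invalid state and the total balance is preserved.

```python
import sqlite3


class TransferError(Exception):
    """Raised when a transfer refers to an account that does not exist."""


def make_db():
    """Constructed sample ledger: balances may never go negative (a CHECK rule)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " id INTEGER PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst as one transaction.

    Returns True if the transaction committed, False if it was rolled back.
    `with conn:` commits when the block finishes normally and rolls back when
    an exception escapes it, so a half-applied transfer never persists
    (atomicity), and a write that breaks the CHECK rule is rejected by the
    engine itself (consistency).
    """
    try:
        with conn:
            debit = conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src)
            )
            if debit.rowcount != 1:
                raise TransferError(f"no such account {src}")
            credit = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst)
            )
            if credit.rowcount != 1:
                raise TransferError(f"no such account {dst}")
        return True
    except (sqlite3.IntegrityError, TransferError):
        return False


def balances(conn):
    """Current balance per account id."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id").fetchall())


def total(conn):
    """Sum of all balances; a correct transfer never changes it."""
    return conn.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(transfer(db, 1, 2, 30), balances(db))   # True  {1: 70, 2: 80}
    print(transfer(db, 1, 2, 500), balances(db))  # False {1: 70, 2: 80}  CHECK rule violated, rolled back
    print(transfer(db, 1, 99, 10), balances(db))  # False {1: 70, 2: 80}  debit applied, then rolled back
    print(total(db))                               # 150
```

The third call is the interesting one for an auditor: the debit succeeds, the credit finds no row, and the rollback undoes the debit that was already written. Without the transaction boundary the ledger would silently lose 10 units.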


NEW QUESTION # 94
Which of the following procedures would BEST contribute to the reliability of information in a data warehouse?

  • A. Storing only a single type of data
  • B. Retaining only current data.
  • C. Maintain archive data
  • D. Maintaining current metadata

Answer: D


NEW QUESTION # 95
Which of the following provides the BEST evidence of an organization's disaster recovery readiness?

  • A. Processes for maintaining the disaster recovery plan
  • B. A disaster recovery plan
  • C. Results of tests and drills
  • D. Customer references for the alternate site provider

Answer: C

Explanation:
Section: Protection of Information Assets
Plans are important, but mere plans do not provide reasonable assurance unless tested. References for the alternate site provider and the existence and maintenance of a disaster recovery plan are important, but only tests and drills demonstrate the adequacy of the plans and provide reasonable assurance of an organization's disaster recovery readiness.


NEW QUESTION # 96
Which of the following layers of an enterprise data flow architecture represents a subset of information from the core Data Warehouse, selected and organized to meet the needs of a particular business unit or business line?

  • A. Desktop Access Layer
  • B. Data preparation layer
  • C. Data Mart layer
  • D. Data access layer

Answer: C

Explanation:
Data Mart layer - A data mart represents a subset of information from the core Data Warehouse, selected and organized to meet the needs of a particular business unit or business line. Data marts can be relational databases or some form of on-line analytical processing (OLAP) data structure.
For the CISA exam you should know the following about business intelligence:
Business intelligence (BI) is a broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance. To deliver effective BI, organizations need to design and implement a data architecture. The complete data architecture consists of two components: the enterprise data flow architecture (EDFA) and a logical data architecture.
The various layers/components of this data flow architecture are as follows:
Presentation/desktop access layer - This is where end users directly deal with information. This layer includes familiar desktop tools such as spreadsheets, direct querying tools, reporting and analysis suites offered by vendors such as Cognos and Business Objects, and purpose-built applications such as balanced scorecards and digital dashboards.
Data source layer - Enterprise information derives from a number of sources:
Operational data - Data captured and maintained by an organization's existing systems, and usually held in system-specific databases or flat files.
External data - Data provided to an organization by external sources. This could include data such as customer demographic and market share information.
Nonoperational data - Information needed by end users that is not currently maintained in a computer-accessible format.
Core data warehouse - This is where all the data of interest to an organization is captured and organized to assist reporting and analysis. DWs are normally instituted as large relational databases. A properly constituted DW should support three basic forms of inquiry:
Drilling up and drilling down - Using dimensions of interest to the business, it should be possible to aggregate data as well as drill down. Attributes available at the more granular levels of the warehouse can also be used to refine the analysis.
Drill across - Use common attributes to access a cross section of information in the warehouse, such as summing sales across all product lines by customer and grouping customers according to length of association with the company.
Historical analysis - The warehouse should support this by holding historical, time-variant data. An example of historical analysis would be to report monthly store sales and then repeat the analysis using only customers who were pre-existing at the start of the year, in order to separate the effect of new customers from the ability to generate repeat business with existing customers.
Data mart layer - A data mart represents a subset of information from the core DW, selected and organized to meet the needs of a particular business unit or business line. Data marts can be relational databases or some form of on-line analytical processing (OLAP) data structure.
Data staging and quality layer - This layer is responsible for data copying, transformation into DW format and quality control. It is particularly important that only reliable data enters the core DW. This layer needs to be able to deal with problems periodically thrown up by operational systems, such as changes to account number formats and reuse of old account and customer numbers.
Data access layer - This layer connects the data storage and quality layer with the data stores in the data source layer and, in the process, avoids the need to know exactly how these data stores are organized. Technology now permits SQL access to data even if it is not stored in a relational database.
Data preparation layer - This layer is concerned with the assembly and preparation of data for loading into data marts. The usual practice is to pre-calculate the values that are loaded into OLAP data repositories to increase access speed. Data mining is concerned with exploring large volumes of data to determine patterns and trends in information. Data mining often identifies patterns that are counterintuitive due to the number and complexity of data relationships. Data quality needs to be very high so as not to corrupt the results.
Metadata repository layer - Metadata are data about data. The information held in the metadata layer needs to extend beyond data structure names and formats to provide detail on business purpose and context. The metadata layer should be comprehensive in scope, covering data as they flow between the various layers, including documenting transformation and validation rules.
Warehouse management layer - The function of this layer is the scheduling of the tasks necessary to build and maintain the DW and populate data marts. This layer is also involved in the administration of security.
Application messaging layer - This layer is concerned with transporting information between the various layers. In addition to business data, this layer encompasses the generation, storage and targeted communication of control messages.
Internet/intranet layer - This layer is concerned with basic data communication. Included here are browser-based user interfaces and TCP/IP networking.
Various analysis models used by data architects/analysts are as follows:
Activity or swim-lane diagram - Deconstructs business processes.
Entity relationship diagram - Depicts data entities and how they relate. These data analysis methods obviously play an important part in developing an enterprise data model. However, it is also crucial that knowledgeable business operatives are involved in the process. This way a proper understanding can be obtained of the business purpose and context of the data. This also mitigates the risk of replicating suboptimal data configurations from existing systems and databases into the DW.
The following were incorrect answers:
Desktop access layer or presentation layer - This is where end users directly deal with information. This layer includes familiar desktop tools such as spreadsheets, direct querying tools, reporting and analysis suites offered by vendors such as Cognos and Business Objects, and purpose-built applications such as balanced scorecards and digital dashboards.
Data preparation layer - This layer is concerned with the assembly and preparation of data for loading into data marts. The usual practice is to pre-calculate the values that are loaded into OLAP data repositories to increase access speed.
Data access layer - This layer connects the data storage and quality layer with the data stores in the data source layer and, in the process, avoids the need to know exactly how these data stores are organized. Technology now permits SQL access to data even if it is not stored in a relational database.
The following reference was used to create this question:
CISA review manual 2014 Page number 188


NEW QUESTION # 97
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long.
Which of the following could be caused by the length of the cable?

  • A. Electromagnetic interference (EMI)
  • B. Attenuation
  • C. Dispersion
  • D. Cross-talk

Answer: B

Explanation:
Section: Protection of Information Assets
Attenuation is the weakening of signals during transmission. When the signal becomes weak, the receiver may begin to read a 1 for a 0, and the user may experience communication problems. UTP faces attenuation at around 100 meters. Electromagnetic interference (EMI) is caused by outside electromagnetic waves affecting the desired signals, which is not the case here. Cross-talk has nothing to do with the length of the UTP cable.


NEW QUESTION # 98
During a database security audit, an IS auditor is reviewing the process used to upload source data. Which of the following is the MOST significant risk area for the auditor to focus on?

  • A. Data resilience
  • B. Data normalization
  • C. Data integrity
  • D. Data sensitivity

Answer: C


NEW QUESTION # 99
A poor choice of passwords and transmission over unprotected communications lines are examples of:

  • A. threats.
  • B. probabilities.
  • C. vulnerabilities.
  • D. impacts.

Answer: C

Explanation:
Vulnerabilities represent characteristics of information resources that may be exploited by a threat. Threats are circumstances or events with the potential to cause harm to information resources. Probabilities represent the likelihood of the occurrence of a threat, while impacts represent the outcome or result of a threat exploiting a vulnerability.


NEW QUESTION # 100
Which of the following penetration tests would MOST effectively evaluate the incident handling and response capabilities of an organization?

  • A. Double-blind testing
  • B. Internal testing
  • C. External testing
  • D. Targeted testing

Answer: A

Explanation:
Section: Protection of Information Assets
In a double-blind test, the administrator and security staff are not aware of the test, which will result in an assessment of the incident handling and response capability in an organization. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests since they are informed before the start of the tests.


NEW QUESTION # 101
As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (BIA)?

  • A. Recovery scenarios
  • B. Completeness of critical asset inventory
  • C. Risk appetite
  • D. Critical applications in the cloud

Answer: B


NEW QUESTION # 102
The purpose of code signing is to provide assurance that:

  • A. the private key of the signer has not been compromised.
  • B. the application can safely interface with another signed application.
  • C. the signer of the application is trusted.
  • D. the software has not been subsequently modified.

Answer: D

Explanation:
Section: Protection of Information Assets
Code signing can only ensure that the executable code has not been modified after being signed. The other choices are incorrect and actually represent potential and exploitable weaknesses of code signing.
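The statement above, that a code signature proves only that the bytes were not changed after signing, is easy to check with a detached signature. The following is an added example written for this page, not code from ISACA or from any signing tool; it assumes the third-party `cryptography` package is installed and uses Ed25519 as a stand-in for whatever signature scheme a real code-signing format (Authenticode, Apple codesign, Sigstore) wraps. The four results correspond to the four answer options: an intact artifact verifies; a modified artifact is rejected (option D, the one property code signing gives you); a re-signature by an unknown key is rejected only because the verifier pins the publisher's key, which is a trust decision made outside the signature itself (option C); and a re-signature of modified code by the original, possibly compromised, private key verifies perfectly (option A).

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def sign_artifact(private_key: Ed25519PrivateKey, artifact: bytes) -> bytes:
    """Produce a detached signature over the whole artifact."""
    return private_key.sign(artifact)


def verify_artifact(trusted_key: Ed25519PublicKey, artifact: bytes, signature: bytes) -> bool:
    """True only if `signature` covers exactly these bytes and was made by the pinned key."""
    try:
        trusted_key.verify(signature, artifact)
        return True
    except InvalidSignature:
        return False


def tamper(artifact: bytes) -> bytes:
    """Flip one bit in the middle of the artifact; simulates post-signing modification."""
    buf = bytearray(artifact)
    buf[len(buf) // 2] ^= 0x01
    return bytes(buf)


def demo() -> dict:
    # Constructed placeholder standing in for an executable's bytes.
    artifact = b"\x7fELF constructed sample program image, not a real binary"

    publisher_key = Ed25519PrivateKey.generate()   # the legitimate signer
    pinned_key = publisher_key.public_key()        # what the verifier trusts
    signature = sign_artifact(publisher_key, artifact)

    modified = tamper(artifact)
    unknown_key = Ed25519PrivateKey.generate()     # some other party's key

    return {
        # Option D: modification after signing is detected.
        "intact_verifies": verify_artifact(pinned_key, artifact, signature),
        "modified_rejected": not verify_artifact(pinned_key, modified, signature),
        # Option C: a signature from a non-pinned key is rejected, but only
        # because the verifier decided in advance whose key to trust.
        "unknown_signer_rejected": not verify_artifact(
            pinned_key, modified, sign_artifact(unknown_key, modified)
        ),
        # Option A: a signature over modified code made with the original
        # private key is indistinguishable from a legitimate one.
        "resigned_with_publisher_key_accepted": verify_artifact(
            pinned_key, modified, sign_artifact(publisher_key, modified)
        ),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

All four entries come out True, which is the point: the signature check itself answers only the question "were these bytes changed after this key signed them?"; key custody and signer trust have to be assured by other controls.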


NEW QUESTION # 103
......

ISACA Dumps - Learn How To Deal With The Exam Anxiety: https://actual4test.torrentvce.com/CISA-valid-vce-collection.html