Free ISACA CISA Übungsprüfungen - Seite 55 von 55

Question #541

When an intrusion into an organization network is deleted, which of the following should be done FIRST?

A . Block all compromised network nodes.
B . Contact law enforcement.
C . Notify senior management.
D . Identity nodes that have been compromised.

Question #542

Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

A . Limit check
B . Parity check
C . Reasonableness check
D . Validity check

Lösung einblenden Lösung ausblenden

Question #543

Which of the following technologies BEST assists in protection of digital evidence as part of forensic investigation acquisition?

A . Hardware-based media write blocker
B . Data encryption
C . Differential backups
D . Source media sanitization

Lösung einblenden Lösung ausblenden

Question #544

An organization has virtualized its server environment without making any other changes to the network or security infrastructure.

Which of the following is the MOST significant risk?

A . Inability of the network intrusion detection system (IDS) to monitor virtual server-lo-server communications
B . Vulnerability in the virtualization platform affecting multiple hosts
C . Data center environmental controls not aligning with new configuration
D . System documentation not being updated to reflect changes in the environment

Lösung einblenden Lösung ausblenden

Question #545

A project team has decided to switch to an agile approach to develop a replacement for an existing business application.

Which of the following should an IS auditor do FIRST to ensure the effectiveness of the protect audit?

A . Compare the agile process with previous methodology.
B . Identify and assess existing agile process control
C . Understand the specific agile methodology that will be followed.
D . Interview business process owners to compile a list of business requirements

Lösung einblenden Lösung ausblenden

Question #546

Which of the following is MOST important when planning a network audit?

A . Determination of IP range in use
B . Analysis of traffic content
C . Isolation of rogue access points
D . Identification of existing nodes

Lösung einblenden Lösung ausblenden

Question #547

Which of the following provides the MOST assurance over the completeness and accuracy ol loan application processing with respect to the implementation of a new system?

A . Comparing code between old and new systems
B . Running historical transactions through the new system
C . Reviewing quality assurance (QA) procedures
D . Loading balance and transaction data to the new system

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

The most assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system can be obtained by running historical transactions through the new system. Historical transactions are transactions that have been processed and recorded by the old system in the past. Running historical transactions through the new system can provide the most assurance over the completeness and accuracy of loan application processing, by comparing the results and outputs of the new system with those of the old system, and verifying whether they match or differ. This can help identify and resolve any errors or issues that may arise from the new system, such as data conversion, functionality, compatibility, etc. Comparing code between old and new systems is a possible way to obtain some assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system, but it is not the most effective one. Code is a set of instructions or commands that define how a system operates or functions. Comparing code between old and new systems can provide some assurance over the completeness and accuracy of loan application processing, by checking whether the logic, algorithms, or functions of the new system are consistent or equivalent with those of the old system. However, this may not be sufficient or reliable, as code may not reflect the actual performance or outcomes of the system, and may not detect any errors or issues that may occur at the data or user level. Reviewing quality assurance (QA) procedures is a possible way to obtain some assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system, but it is not the most effective one. QA procedures are steps or activities that ensure that a system meets its quality standards and requirements, such as testing, verification, validation, etc. Reviewing QA procedures can provide some assurance over the completeness and accuracy of loan application processing, by evaluating whether the new system has been properly tested and verified before implementation. However, this may not be adequate or accurate, as QA procedures may not cover all aspects or scenarios of loan application processing, and may not reveal any errors or issues that may arise after implementation. Loading balance and transaction data to the new system is a possible way to obtain some assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system, but it is not the most effective one. Balance and transaction data are data that reflect the status and history of loan applications in a system, such as amounts, dates, payments, etc. Loading balance and transaction data to the new system can provide some assurance over the completeness and accuracy of loan application processing, by transferring data from the old system to the new system and ensuring that they are consistent and correct. However, this may not be enough or valid, as balance and transaction data may not represent all aspects or features of loan application processing, and may not indicate any errors or issues that may arise

Question #548

A small IT department has embraced DevOps, which allows members of this group to deploy code to production and maintain some development access to automate releases.

Which of the following is the MOST effective control?

A . Enforce approval prior to deployment by a member of the team who has not taken part in the development.
B . The DevOps team provides an annual policy acknowledgment that they did not develop and deploy the same code.
C . Annual training reinforces the need to maintain segregation between developers and deployers of code
D . The IT compliance manager performs weekly reviews to ensure the same person did not develop and deploy code.

Lösung einblenden Lösung ausblenden