1. An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A) correlation of semantic characteristics of the data migrated between the two systems. B) correlation of arithmetic characteristics of the data migrated between the two systems. C) correlation of functional characteristics of the processes between the two systems. D) relative efficiency of the processes between the two systems.
2. The reason a certification and accreditation process is performed on critical systems is to ensure that:
A) security compliance has been technically evaluated. B) data have been encrypted and are ready to be stored. C) the systems have been tested to run on different platforms. D) the systems have followed the phases of a waterfall model.
3. During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:
A) review access control configuration. B) evaluate interface testing. C) review detailed design documentation. D) evaluate system testing.
4. During an application audit, an IS auditor finds several problems related to corrupted data in the database. Which of the following is a corrective control that the IS auditor should recommend?
A) implement data backup and recovery procedures. B) Define standards and closely monitor for compliance. C) Ensure that only authorized personnel can update the database. D) Establish controls to handle concurrent access problems.
5. An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
A) Log all table update transactions. B) implement before-and-after image reporting. C) Use tracing and tagging. D) implement integrity constraints in the database.
1. Right Answer: A Explanation: Because the two systems may represent data differently, including in their database schemas, the IS auditor's main concern should be to verify that the data are interpreted the same way in the new system as they were in the old one. Arithmetic characteristics describe data structure and internal definition in the database and are therefore less important than the semantic characteristics. A review of the correlation of the functional characteristics, or of the relative efficiency of the processes between the two systems, is not relevant to a data migration review.
2. Right Answer: A Explanation: Certified and accredited systems are systems that have had their security compliance technically evaluated for running on a specific production server. Choice B is incorrect because not all data of certified systems are encrypted. Choice C is incorrect because certified systems are evaluated to run in a specific environment. A waterfall model is a software development methodology and not a reason for performing a certification and accreditation process.
3. Right Answer: A Explanation: Reviewing access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system. Since a postimplementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or detailed design documentation. Evaluating interface testing would be part of the implementation process. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system, since these are usually vendor packages with user manuals. System testing should be performed before final user signoff.
4. Right Answer: A Explanation: Implementing data backup and recovery procedures is a corrective control, because backup and recovery procedures can be used to roll back database errors after they have occurred. Defining or establishing standards is a preventive control, while monitoring for compliance is a detective control. Ensuring that only authorized personnel can update the database is a preventive control. Establishing controls to handle concurrent access problems is also a preventive control.
5. Right Answer: D Explanation: Implementing integrity constraints in the database is a preventive control, because each value is checked against predefined reference tables or rules before it is stored, so undefined or out-of-range data cannot be entered. Logging all table update transactions and implementing before-and-after image reporting are detective controls: they record that bad data arrived but do not avoid the situation. Tracing and tagging are used to test application systems and controls and could not prevent out-of-range data.
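The distinction in the answer to question 5 (and the contrast with the detective controls in question 4) is easy to see in running code. The following is an added example, not part of the original question set: it builds a small constructed orders table twice in SQLite, once with only an audit-log trigger (detective) and once with NOT NULL, CHECK and foreign-key integrity constraints (preventive), then loads the same constructed rows into both. The table names, column domains and sample rows are assumptions made for the illustration.

```python
import sqlite3

# Constructed "before" schema: no integrity constraints, only a trigger that
# logs every insert. This is the detective control from choice A; it records
# bad rows but stores them anyway.
SCHEMA_UNCONSTRAINED = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, quantity INTEGER,
                     discount REAL, status TEXT);
CREATE TABLE orders_audit (id INTEGER, quantity INTEGER, discount REAL,
                           status TEXT, action TEXT);
CREATE TRIGGER log_insert AFTER INSERT ON orders
BEGIN
    INSERT INTO orders_audit
    VALUES (NEW.id, NEW.quantity, NEW.discount, NEW.status, 'INSERT');
END;
"""

# Constructed "after" schema: the preventive control from choice D. Each
# column's domain is declared, so the engine refuses out-of-range values.
SCHEMA_WITH_CONSTRAINTS = """
CREATE TABLE order_status (code TEXT PRIMARY KEY);
INSERT INTO order_status VALUES ('NEW'), ('SHIPPED'), ('CLOSED');
CREATE TABLE orders (
    id       INTEGER PRIMARY KEY,
    quantity INTEGER NOT NULL CHECK (quantity BETWEEN 1 AND 1000),
    discount REAL    NOT NULL CHECK (discount >= 0.0 AND discount <= 0.5),
    status   TEXT    NOT NULL REFERENCES order_status(code)
);
"""

# Constructed sample rows: one valid row and four out-of-range rows.
SAMPLE_ROWS = [
    (1, 10, 0.10, "NEW"),       # valid
    (2, -5, 0.10, "NEW"),       # quantity below range
    (3, 10, 0.90, "SHIPPED"),   # discount above range
    (4, 10, 0.10, "BOGUS"),     # status not in reference table
    (5, None, 0.00, "CLOSED"),  # NULL quantity
]


def load_rows(conn, rows):
    """Insert each row in its own transaction; return (accepted, rejected)."""
    accepted, rejected = 0, []
    for row in rows:
        try:
            with conn:  # commits on success, rolls back on error
                conn.execute("INSERT INTO orders VALUES (?, ?, ?, ?)", row)
            accepted += 1
        except sqlite3.IntegrityError as exc:
            rejected.append((row[0], str(exc)))
    return accepted, rejected


def run_unconstrained():
    """Detective control only: every row is stored, the log just records it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_UNCONSTRAINED)
    accepted, rejected = load_rows(conn, SAMPLE_ROWS)
    # An auditor's after-the-fact query finds the corrupted rows.
    bad = conn.execute(
        "SELECT COUNT(*) FROM orders WHERE quantity IS NULL"
        " OR quantity NOT BETWEEN 1 AND 1000"
        " OR discount NOT BETWEEN 0.0 AND 0.5"
        " OR status NOT IN ('NEW', 'SHIPPED', 'CLOSED')"
    ).fetchone()[0]
    logged = conn.execute("SELECT COUNT(*) FROM orders_audit").fetchone()[0]
    return accepted, len(rejected), bad, logged


def run_constrained():
    """Preventive control: the out-of-range rows never reach the table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # FK checks are off by default
    conn.executescript(SCHEMA_WITH_CONSTRAINTS)
    accepted, rejected = load_rows(conn, SAMPLE_ROWS)
    stored = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return accepted, rejected, stored


if __name__ == "__main__":
    print("unconstrained (accepted, rejected, bad rows, logged):",
          run_unconstrained())
    acc, rej, stored = run_constrained()
    print("constrained: accepted", acc, "stored", stored)
    for row_id, reason in rej:
        print("  rejected row", row_id, "->", reason)
```

In the unconstrained run all five rows are accepted and logged, and the audit query finds four bad rows only after the fact; in the constrained run the engine raises an IntegrityError for rows 2 to 5 and stores only the valid row. Note that SQLite enforces REFERENCES clauses only when `PRAGMA foreign_keys` is on for the connection; a schema that declares the constraint but never enables it is a common false sense of control.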