1. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A) recommend the use of disk mirroring. B) review the adequacy of offsite storage. C) review the capacity management process. D) recommend the use of a compression algorithm.
2. In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A) Automated logging of changes to development libraries B) Additional staff to provide separation of duties C) Procedures that verify that only approved program changes are implemented D) Access controls to prevent the operator from making program modifications
3. Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?
A) Assess the impact of patches prior to installation. B) Ask the vendors for a new software version with all fixes included. C) Install the security patch immediately. D) Decline to deal with these vendors in the future.
4. Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A) Release-to-release source and object comparison reports B) Library control software restricting changes to source code C) Restricted access to source code and object code D) Date and time-stamp reviews of source and object code
5. Change management procedures are established by IS management to:
A) control the movement of applications from the test environment to the production environment. B) control the interruption of business operations from lack of attention to unresolved problems. C) ensure the uninterrupted operation of the business in the event of a disaster. D) verify that system changes are properly documented.
1. Right Answer: C Explanation: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. Business criticality must be considered before recommending a disk mirroring solution, and offsite storage is unrelated to the problem. Though data compression may save disk space, it could affect system performance.
2. Right Answer: C Explanation: While it would be preferred that strict separation of duties be adhered to and that additional staff be recruited as suggested in choice B, this practice is not always possible in small organizations. An IS auditor must look at recommended alternative processes. Of the choices, C is the only practical one that has an impact. An IS auditor should recommend processes that detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. Choice A, involving logging of changes to development libraries, would not detect changes to production libraries. Choice D is in effect requiring a third party to do the changes, which may not be practical in a small organization.
3. Right Answer: A Explanation: The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. To install the patch without knowing what it might affect could easily cause problems. New software versions with all fixes included are not always available and a full installation could be time-consuming. Declining to deal with vendors does not take care of the flaw.
4. Right Answer: D Explanation: Date and time-stamp reviews of source and object code would ensure that source code, which has been compiled, matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.
5. Right Answer: A Explanation: Change management procedures are established by IS management to control the movement of applications from the test environment to the production environment. Problem escalation procedures control the interruption of business operations from lack of attention to unresolved problems, and quality assurance procedures verify that system changes are authorized and tested.