CISA—Certified Information Systems Auditor - Part 250

Mary Smith

Fri, 17 Apr 2026

1. In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:

A) application programmer copy the source program and compiled object module to the production libraries.
B) application programmer copy the source program to the production libraries and then have the production control group compile the program.
C) production control group compile the object module to the production libraries using the source program in the test environment.
D) production control group copy the source program to the production libraries and then compile the program.



2. An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?

A) Allow changes to be made only with the DBA user account.
B) Make changes to the database after granting access to a normal user account.
C) Use the DBA user account to make changes, log the changes and review the change log the following day.
D) Use the normal user account to make changes, log the changes and review the change log the following day.



3. Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

A) Review software migration records and verify approvals.
B) Identify changes that have occurred and verify approvals.
C) Review change control documentation and verify approvals.
D) Ensure that only appropriate staff can migrate changes into production.



4. An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?

A) Analyze the need for the structural change.
B) Recommend restoration to the originally designed structure.
C) Recommend the implementation of a change control process.
D) Determine if the modifications were properly approved.



5. A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

A) Comparing source code
B) Reviewing system log files
C) Comparing object code
D) Reviewing executable and source code integrity



1. Right Answer: D
Explanation: The best control would be provided by having the production control group copy the source program to the production libraries and then compile the program.

2. Right Answer: C
Explanation: The use of a database administrator (DBA) user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows changes to be reviewed. The use of the DBA user account without logging would permit uncontrolled changes to be made to databases once access to the account was obtained. The use of a normal user account with no restrictions would allow uncontrolled changes to any of the databases. Logging would only provide information on changes made, but would not limit changes to only those that were authorized. Hence, logging coupled with review forms an appropriate set of compensating controls.

3. Right Answer: B
Explanation: The most effective method is to determine through code comparisons what changes have been made and then verify that they have been approved. Change control records and software migration records may not have all changes listed. Ensuring that only appropriate staff can migrate changes into production is a key control process, but in itself does not verify compliance.

4. Right Answer: D
Explanation: An IS auditor should first determine if the modifications were properly approved. Choices A, B and C are possible subsequent actions, should the IS auditor find that the structural modification had not been approved.

5. Right Answer: B
Explanation: Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. Source and object code comparisons are ineffective, because the original programs were restored and do not exist. Reviewing executable and source code integrity is an ineffective control, because integrity between the executable and source code is automatically maintained.
