CISA—Certified Information Systems Auditor - Part 239

Mary Smith

Tue, 21 Apr 2026

1. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:

A) excessive transaction turnaround time.
B) application interface failure.
C) improper transaction authorization.
D) no validated batch totals.



2. When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?

A) The risks associated with the use of the products are periodically assessed
B) The latest version of software is listed for each product
C) Due to licensing issues the list does not contain open source software
D) After-hours support is offered



3. An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:

A) reverse engineering.
B) prototyping.
C) software reuse.
D) reengineering.



4. An IS auditor performing an application maintenance audit would review the log of program changes for the:

A) authorization of program changes.
B) creation date of a current object module.
C) number of program changes actually made.
D) creation date of a current source program.



5. After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

A) Stress
B) Black box
C) Interface
D) System



1. Right Answer: C
Explanation: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant.

2. Right Answer: A
Explanation: Since the business conditions surrounding vendors may change, it is important for an organization to conduct periodic risk assessments of the vendor software list. This might be best incorporated into the IT risk management process. Choices B, C and D are possible considerations but would not be the most important.

3. Right Answer: D
Explanation: Old (legacy) systems that have been corrected, adapted and enhanced extensively require reengineering to remain maintainable. Reengineering is a rebuilding activity that incorporates new technologies into existing systems. Reverse engineering works from a program's machine code back toward the source statements it was written in, for example to identify malicious content such as a virus, or to adapt a program written for one processor to a differently designed processor. Prototyping is the development of a system through controlled trial and error. Software reuse is the process of planning, analyzing and using previously developed software components; the reusable components are systematically integrated into the current software product.

4. Right Answer: A
Explanation: The manual change log will most likely contain information on authorized changes to a program, so it is the record against which an auditor verifies that each change was approved. Deliberate, unauthorized changes will not be documented by the responsible party. Date information for the source and executable modules is more likely to be found in an automated log, usually produced by a library management product, than in the manual change log.
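The explanation above points at two records: the manual change log (what was authorized) and the automated library log (what was actually built, and when). The audit test that follows from that is a reconciliation: every build recorded by the library management product should be covered by an approved change, and the approver should not be the person who performed the build. The script below is an added example written for this page, not code from the CISA material or any library management product; the log formats, field names, the seven-day approval-to-build window and all sample records are constructed assumptions.

```python
"""Reconcile an automated library-management log against the manual program
change log: flag module builds with no authorizing change record, and builds
where the approver and the builder are the same person.

Added example. Field names, the approval window and all records below are
constructed assumptions, not data from any real system.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class LibraryEvent:
    """One record from the automated library log: a module was (re)built."""
    module: str
    built_on: date
    built_by: str


@dataclass(frozen=True)
class ChangeRecord:
    """One entry from the manual change log: an authorized program change."""
    module: str
    ticket: str
    approved_by: str
    approved_on: date


def _covering_changes(event, changes, window):
    """Approved changes for the same module whose approval precedes the build
    by no more than `window` (assumption: legitimate builds follow approval
    within that window)."""
    return [
        c for c in changes
        if c.module == event.module
        and c.approved_on <= event.built_on <= c.approved_on + window
    ]


def find_unauthorized_builds(events, changes, window_days=7):
    """Library events with no covering change record: candidate unauthorized
    changes the manual log would never have documented."""
    window = timedelta(days=window_days)
    return [ev for ev in events if not _covering_changes(ev, changes, window)]


def find_segregation_conflicts(events, changes, window_days=7):
    """(event, change) pairs where the person who built the module is also the
    person who approved the change: authorization that was effectively
    self-granted."""
    window = timedelta(days=window_days)
    conflicts = []
    for ev in events:
        for c in _covering_changes(ev, changes, window):
            if c.approved_by == ev.built_by:
                conflicts.append((ev, c))
    return conflicts


# Constructed sample data. dev_bob rebuilt PAYCALC with no ticket;
# dev_dave approved and then built his own GLPOST change.
LIBRARY_LOG = [
    LibraryEvent("PAYCALC", date(2026, 3, 3), "dev_alice"),
    LibraryEvent("PAYCALC", date(2026, 3, 20), "dev_bob"),
    LibraryEvent("TAXTBL", date(2026, 3, 10), "dev_carol"),
    LibraryEvent("GLPOST", date(2026, 3, 12), "dev_dave"),
]
CHANGE_LOG = [
    ChangeRecord("PAYCALC", "CR-1041", "mgr_erin", date(2026, 3, 1)),
    ChangeRecord("TAXTBL", "CR-1042", "mgr_erin", date(2026, 3, 9)),
    ChangeRecord("GLPOST", "CR-1043", "dev_dave", date(2026, 3, 11)),
]

if __name__ == "__main__":
    for ev in find_unauthorized_builds(LIBRARY_LOG, CHANGE_LOG):
        print(f"NO AUTHORIZATION: {ev.module} built {ev.built_on} by {ev.built_by}")
    for ev, c in find_segregation_conflicts(LIBRARY_LOG, CHANGE_LOG):
        print(f"SELF-APPROVED: {c.ticket} for {ev.module} approved and built by {ev.built_by}")
```

On the constructed data the first check flags the 20 March PAYCALC build (the only approval for that module is nineteen days earlier, outside the window) and the second flags CR-1043, where dev_dave is both approver and builder. Widening `window_days` makes the reconciliation more permissive; the auditor should take the window from the organization's change procedure rather than tune it until the exceptions disappear.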

5. Right Answer: D
Explanation: Given the extent of the patch and the application's interfaces to external systems, system testing is the most appropriate choice. Interface testing alone is not enough, and stress and black box testing are inadequate in these circumstances.
