QUESTION 51
Why is a clause for requiring source code escrow in an application vendor agreement important?
A. To segregate systems development and live environments
B. To protect the organization from copyright disputes
C. To ensure that sufficient code is available when needed
D. To ensure that the source code remains available even if the application vendor goes out of business
Correct Answer: D
Explanation:
A clause for requiring source code escrow in an application vendor agreement is important to ensure that the source code remains available even if the application vendor goes out of business.
QUESTION 52
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:
A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.
Correct Answer: A
Explanation:
A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.
QUESTION 53
What is used as a control to detect loss, corruption, or duplication of data?
A. Redundancy check
B. Reasonableness check
C. Hash totals
D. Accuracy check
Correct Answer: C
Explanation:
Hash totals are used as a control to detect loss, corruption, or duplication of data.
QUESTION 54
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Correct Answer: B
Explanation:
A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.
QUESTION 55
An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
A. True
B. False
Correct Answer: B
Explanation:
An off-site processing facility should not be easily identifiable externally because easy identification would create an additional vulnerability for sabotage.
QUESTION 56
What is the primary security concern for EDI environments? Choose the BEST answer.
A. Transaction authentication
B. Transaction completeness
C. Transaction accuracy
D. Transaction authorization
Correct Answer: D
Explanation:
Transaction authorization is the primary security concern for EDI environments.
QUESTION 57
Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
A. True
B. False
Correct Answer: A
Explanation:
Database snapshots can provide an excellent audit trail for an IS auditor.
QUESTION 58
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?
A. Unit testing
B. Integration testing
C. Design walk-throughs
D. Configuration management
Correct Answer: B
Explanation:
A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight), units are tested by the programmer, and then transferred to the acceptance test area. This often results in system problems that should have been detected during integration or system testing. Integration testing aims at ensuring that the major components of the system interface correctly.
QUESTION 59
With the objective of mitigating the risk and impact of a major business interruption, a disaster-recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?
A. True
B. False
Correct Answer: A
Explanation:
With the objective of mitigating the risk and impact of a major business interruption, a disaster-recovery plan should endeavor to reduce the length of recovery time necessary and the costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs.
QUESTION 60
Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Correct Answer: A
Explanation:
The board of directors is ultimately accountable for the development of an IS security policy.