
QUESTION 51

Why is a clause for requiring source code escrow in an application vendor agreement important?

 

A. To segregate systems development and live environments

B. To protect the organization from copyright disputes

C. To ensure that sufficient code is available when needed

D. To ensure that the source code remains available even if the application vendor goes out of business

 

Correct Answer: D

Explanation:

A clause for requiring source code escrow in an application vendor agreement is important to ensure that the source code remains available even if the application vendor goes out of business.

 

 

QUESTION 52

An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

 

A. cold site.

B. warm site.

C. dial-up site.

D. duplicate processing facility.

 

Correct Answer: A

Explanation:

A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.

 

 

QUESTION 53

What is used as a control to detect loss, corruption, or duplication of data?

 

A. Redundancy check

B. Reasonableness check

C. Hash totals

D. Accuracy check

 

Correct Answer: C

Explanation:

Hash totals are used as a control to detect loss, corruption, or duplication of data.

 

 

QUESTION 54

The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?

 

A. Relocate the shut off switch.

B. Install protective covers.

C. Escort visitors.

D. Log environmental failures.

 

Correct Answer: B

Explanation:

A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.

 

 

QUESTION 55

An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?

 

A. True

B. False

 

Correct Answer: B

Explanation:

An off-site processing facility should not be easily identifiable externally because easy identification would create an additional vulnerability for sabotage.

 

 

QUESTION 56

What is the primary security concern for EDI environments? Choose the BEST answer.

 

A. Transaction authentication

B. Transaction completeness

C. Transaction accuracy

D. Transaction authorization

 

Correct Answer: D

Explanation:

Transaction authorization is the primary security concern for EDI environments.

 

 

QUESTION 57

Database snapshots can provide an excellent audit trail for an IS auditor. True or false?

 

A. True

B. False

 

Correct Answer: A

Explanation:

Database snapshots can provide an excellent audit trail for an IS auditor.

 

 

QUESTION 58

A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

 

A. Unit testing

B. Integration testing

C. Design walk-throughs

D. Configuration management

 

Correct Answer: B

Explanation:

A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight), units are tested by the programmer, and then transferred to the acceptance test area. This often results in system problems that should have been detected during integration or system testing. Integration testing aims at ensuring that the major components of the system interface correctly.

 

 

QUESTION 59

With the objective of mitigating the risk and impact of a major business interruption, a disaster-recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?

 

A. True

B. False

 

Correct Answer: A

Explanation:

With the objective of mitigating the risk and impact of a major business interruption, a disaster-recovery plan should endeavor to reduce the length of recovery time necessary and the costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs.

QUESTION 60

Who is ultimately accountable for the development of an IS security policy?

 

A. The board of directors

B. Middle management

C. Security administrators

D. Network administrators

 

Correct Answer: A

Explanation:

The board of directors is ultimately accountable for the development of an IS security policy.

 
