10 tips on How to CISA Test Like a Badass [21 to 30]

It is impossible to pass Isaca CISA exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Isaca CISA practice questions. You will get a surprising result by our Improve Isaca CISA practice guides.

2021 Jul CISA exam cram

Q21. - (Topic 2) 

An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: 

A. implemented a specific control during the development of the application system. 

B. designed an embedded audit module exclusively for auditing the application system. 

C. participated as a member of the application system project team, but did not have operational responsibilities. 

D. provided consulting advice concerning application system best practices. 

Answer: A 


Independence may be impaired if an IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system. Choices B and C are situations that do not impair an IS auditor's independence. Choice D isincorrect because an IS auditor's independence is not impaired by providing advice on known best practices. 

Q22. - (Topic 1) 

What can be implemented to provide the highest level of protection from external attack? 

A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host 

B. Configuring the firewall as a screened host behind a router 

C. Configuring the firewall as the protecting bastion host 

D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts 

Answer: A 

Explanation: Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than all other answers. 

Q23. - (Topic 4) 

Information for detecting unauthorized input from a terminal would be BEST provided by the: 

A. console log printout. 

B. transaction journal. 

C. automated suspense file listing. 

D. user error report. 

Answer: B 


The transaction journal would record all transaction activity, which then could be compared to the authorized source documents to identify any unauthorized input. A console log printout is not the best, because it would not record activity from a specific terminal. An automated suspense file listing would only list transaction activity where an edit error 

occurred, while the user error report would only list input that resulted in an edit error. 

Q24. - (Topic 1) 

Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks? 

A. Gateway 

B. Protocol converter 

C. Front-end communication processor 

D. Concentrator/multiplexor 

Answer: A 


A gateway performs the job of translating e-mail formats from one network to another so messages can make their way through all the networks. 

Q25. - (Topic 4) 

Documentation of a business case used in an IT development project should be retained until: 

A. the end of the system's life cycle. 

B. the project is approved. 

C. user acceptance of the system. 

D. the system is in production. 

Answer: A 


A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates vs. actuals. Questions like, 'why dowe do that,"what was the original intent' and 'how did we perform against the plan' can be answered, and lessons for developing future business cases can be learned. During the development phase of a project one shouldalways validate the business case, as it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference 

CISA study guide

Leading CISA free exam questions:

Q26. - (Topic 1) 

What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer. 

A. Business risk 

B. Audit risk 

C. Detective risk 

D. Inherent risk 

Answer: D 

Explanation: Inherent risk is associated with authorized program exits (trap doors). 

Q27. - (Topic 3) 

Which of the following IT governance best practices improves strategic alignment? 

A. Supplier and partner risks are managed. 

B. A knowledge base on customers, products, markets and processes is in place. 

C. A structure is provided that facilitates the creation and sharing of business information. 

D. Top management mediate between the imperatives of business and technology. 

Answer: D 


Top management mediating between the imperatives of business and technology is an IT strategic alignment best practice. Supplier and partner risks being managed is a risk management best practice. A knowledge base on customers, products, markets andprocesses being in place is an IT value delivery best practice. An infrastructure being provided to facilitate the creation and sharing of business information is an IT value delivery and risk management best practice. 

Q28. - (Topic 3) 

To assist an organization in planning for IT investments, an IS auditor should recommend the use of: 

A. project management tools. 

B. an object-oriented architecture. 

C. tactical planning. 

D. enterprise architecture (EA). 

Answer: D 


Enterprise architecture (EA) involves documenting the organization's IT assets and processes in a structured manner to facilitate understanding, management and planning for IT investments. It involves both a current state and a representation of an optimized future state. In attempting to complete an EA, organizations can address the problem either from a technology perspective or a business process perspective. Project management does not consider IT investment aspects; it is a tool to aid in delivering projects. Object-oriented architecture is a software development methodology and does not assist in planning for IT investment, while tactical planning is relevant only after high-level IT investment decisions have been made. 

Q29. - (Topic 3) 

An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for: 

A. documentation of staff background checks. 

B. independent audit reports or full audit access. 

C. reporting the year-to-year incremental cost reductions. 

D. reporting staff turnover, development or training. 

Answer: B 


When the functions of an IS department are outsourced, an IS auditor should ensure that a provision is made for independent audit reports that cover all essential areas, or that the outsourcer has full audit access. Although it is necessary to document the fact that background checks are performed, this is not as important as provisions for audits. Financial measures such as year-to-year incremental cost reductions are desirable to have in a service level agreement (SLA); however, cost reductions are not as important as the availability of independent audit reports or full audit access. An SLA might include human relationship measures such as resource planning, staff turnover, development or training, but this is not as important as the requirements for independent reports or full audit access by the outsourcing organization. 

Q30. - (Topic 1) 

An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered? 

A. Substantive 

B. Compliance 

C. Integrated 

D. Continuous audit 

Answer: A 

Explanation: Using a statistical sample to inventory the tape library is an example of a substantive test. 

see more CISA dumps