Finding Leading CISA lab

Want to know Ucertify CISA Exam practice test features? Want to lear more about Isaca Isaca CISA certification experience? Study Refined Isaca CISA answers to Down to date CISA questions at Ucertify. Gat a success with an absolute guarantee to pass Isaca CISA (Isaca CISA) test on your first attempt.

2016 Oct CISA exam answers

Q201. - (Topic 1) 

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? 

A. Paper test 

B. Post test 

C. Preparedness test 

D. Walk-through 

Answer: C 

Explanation: 

A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. 


Q202. - (Topic 2) 

Which of the following is the key benefit of control self-assessment (CSA)? 

A. Management ownership of the internal controls supporting business objectives is reinforced. 

B. Audit expenses are reduced when the assessment results are an input to external audit work. 

C. Improved fraud detection since internal business staff are engaged in testing controls 

D. Internal auditors can shift to a consultative approach by using the results of the assessment. 

Answer: A 

Explanation: 

The objective of control self-assessment is to have business management become more aware of the importance of internal control and their responsibility in terms of corporate governance. Reducing audit expenses is not a key benefit of control self-assessment (CSA). improved fraud detection is important, but not as important as ownership, and is not a principal objective of CSA. CSA may give more insights to internal auditors, allowing them to take a more consultative role; however, this is an additional benefit, not the key benefit. 


Q203. - (Topic 1) 

What is a reliable technique for estimating the scope and cost of a software-development project? 

A. Function point analysis (FPA) 

B. Feature point analysis (FPA) 

C. GANTT 

D. PERT 

Answer: A 

Explanation: A function point analysis (FPA) is a reliable technique for estimating the scope and cost of a software-development project. 


Q204. - (Topic 2) 

Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? 

A. Multiple cycles of backup files remain available. 

B. Access controls establish accountability for e-mail activity. 

C. Data classification regulates what information should be communicated via e-mail. 

D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available. 

Answer: A 

Explanation: 

Backup files containing documents that supposedly have been deleted could be recovered from these files. Access controls may help establish accountability for the issuance of a particular document, but this does not provide evidence of the e-mail. Data classification standards may be in place with regards to what should be communicated via e-mail, but the creation of the policy does not provide the information required for litigation purposes. 


Q205. - (Topic 1) 

If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further: 

A. Documentation development 

B. Comprehensive integration testing 

C. Full unit testing 

D. Full regression testing 

Answer: B 

Explanation: If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further comprehensive integration testing. 


CISA training

Updated CISA free download:

Q206. - (Topic 1) 

Which of the following is MOST is critical during the business impact assessment phase of business continuity planning? 

A. End-user involvement 

B. Senior management involvement 

C. Security administration involvement 

D. IS auditing involvement 

Answer: A 

Explanation: End-user involvement is critical during the business impact assessment phase of business continuity planning. 


Q207. - (Topic 1) 

What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness? 

A. Paper 

B. Preparedness 

C. Walk-through 

D. Parallel 

Answer: B 

Explanation: Of the three major types of BCP tests (paper, walk-through, and preparedness), only the preparedness test uses actual resources to simulate a system crash and validate the plan's effectiveness. 


Q208. - (Topic 1) 

What is the PRIMARY purpose of audit trails? 

A. To document auditing efforts 

B. To correct data integrity errors 

C. To establish accountability and responsibility for processed transactions 

D. To prevent unauthorized access to data 

Answer: C 

Explanation: The primary purpose of audit trails is to establish accountability and responsibility for processed transactions. 


Q209. - (Topic 3) 

The output of the risk management process is an input for making: 

A. business plans. 

B. audit charters. 

C. security policy decisions. 

D. software design decisions. 

Answer: C 

Explanation: 

The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk 

management process. 


Q210. - (Topic 1) 

Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer. 

A. IT strategic plan 

B. Business continuity plan 

C. Business impact analysis 

D. Incident response plan 

Answer: B 

Explanation: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of a business continuity plan. 



see more CISA dumps