CISA Questions (401 - 500) Questions & 100% Correct Answers

September 9, 2024 | 156 pages | 2024/2025 | Exam (elaborations) | Questions & answers | CISA | ExamArsenal
1 | P a g e | © copyright 2024/2025 | Grade A+




An IS auditor is reviewing the software development process for an organization. Which of the following functions would be appropriate for the end users to perform?

Select an answer:

A. Program output testing

B. System configuration

C. Program logic specification

D. Performance tuning

✓ You are correct, the answer is A.




Master01 | September, 2024/2025 | Latest update



A. A user can test program output by checking the program input and comparing it with the system output. This task, although usually done by the programmer, can also be done effectively by the user.

B. System configuration is usually too technical to be accomplished by a user and this situation could create security issues. This could introduce a segregation of duties issue.

C. Program logic specification is a very technical task that is normally performed by a programmer. This could introduce a segregation of duties issue.

D. Performance tuning also requires high levels of technical skill and will not be effectively accomplished by a user. This could introduce a segregation of duties issue.




An IS auditor is reviewing system development for a health care organization with two application environments—production and test. During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?

Select an answer:

A. The test environment may not have adequate controls to ensure data accuracy.

B. The test environment may produce inaccurate results due to use of production data.

C. Hardware in the test environment may not be identical to the production environment.

D. The test environment may not have adequate access controls implemented to ensure data confidentiality.

✓ You are correct, the answer is D.




A. The accuracy of data used in the test environment is not of significant concern as long as these data are representative of the production environment.

B. Using production data in the test environment would not cause test results to be inaccurate. If anything, using production data would improve the accuracy of testing processes because the data would most closely mirror the production environment. In spite of that fact, the risk of data disclosure or unauthorized access in the test environment is still significant and, as a result, production data should not be used in the test environment. This is especially important in a health care organization where patient data confidentiality is critical and privacy laws in many countries impose strict penalties on misuse of these data.

C. Hardware in the test environment should mirror the production environment to ensure that testing is reliable. However, this does not relate to the risk from using live data in a test environment. This is not the correct answer because it does not relate to the risk presented in the scenario.

D. In many cases, the test environment is not configured with the same access controls that are enabled in the production environment. For example, programmers may have privileged access to the test environment (for testing), but not to the production environment. If the test environment does not have adequate access control, the production data are subject to risk of unauthorized access and/or data disclosure. This is the most significant risk of the choices listed.




The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning (ERP) system. As the final stage of the conversion process, the organization ran the old and new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization by using this strategy?


