Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
QUESTION 1
During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the
auditor observes that some
remote offices have very limited local IT resources. Which of the following
observations would be the MOST
critical for the IS auditor?
A. A test has not been made to ensure that local resources could maintain security
and service standards
when recovering from a disaster or incident.
B. The corporate business continuity plan (BCP) does not accurately document the
systems that exist at
remote offices.
C. Corporate security measures have not been incorporated into the test plan.
D. A test has not been made to ensure that tape backups from the remote offices are
usable.
Answer: A
Explanation/Reference:
QUESTION 2
Which of the following ways is the BEST for an IS auditor to verify that critical
production servers are running
the latest security updates released by the vendor?
Answer: D
Explanation/Reference:
QUESTION 3
Answer: D
Explanation/Reference:
QUESTION 4
The PRIMARY purpose of installing data leak prevention (DLP) software is to control
which of the following
choices?
Answer: D
Explanation/Reference:
QUESTION 5
Answer: A
Explanation/Reference:
QUESTION 6
Answer: D
Explanation/Reference:
QUESTION 7
What would be the MOST effective control for enforcing accountability among
database users accessing
sensitive information?
A. Implement a log management process.
B. Implement a two-factor authentication.
C. Use table views to access sensitive data.
D. Separate database and application servers.
Answer: A
Explanation/Reference:
QUESTION 8
When auditing the IT governance framework and IT risk management practices that
exist within an
organization, the IS auditor identified some undefined responsibilities regarding
IT management and
governance roles. Which of the following recommendations is the MOST appropriate?
Answer: B
Explanation/Reference:
QUESTION 9
The internal IS audit team is auditing controls over sales returns and is concerned
about fraud. Which of the
following sampling methods would BEST assist the IS auditors?
A. Stop-or-go
B. Classical variable
C. Discovery
D. Probability-proportional-to-size
Answer: C
Explanation/Reference:
QUESTION 10
Answer: A
Explanation/Reference:
QUESTION 11
Which of the following is the MOST important skill an IS auditor should develop to
understand the constraints of
conducting an audit?
A. Contingency planning
B. IS management resource allocation
C. Project management
D. Knowledge of internal controls
Answer: C
Explanation/Reference:
QUESTION 12
With the help of a security officer, granting access to data is the responsibility
of:
A. data owners.
B. programmers.
C. system analysts.
D. librarians.
Answer: A
Explanation/Reference:
QUESTION 13
Answer: C
Explanation/Reference:
QUESTION 14
Which of the following is the BEST indicator of the effectiveness of backup and
restore procedures while
restoring data after a disaster?
Answer: B
Explanation/Reference:
QUESTION 15
Which of the following should an IS auditor use to detect duplicate invoice records
within an invoice master file?
A. Attribute sampling
B. Computer-assisted audit techniques (CAATs)
C. Compliance testing
D. Integrated test facility (ITF)
Answer: B
Explanation/Reference:
QUESTION 16
Answer: A
Explanation/Reference:
QUESTION 17
During an audit of a small enterprise, the IS auditor noted that the IS director
has superuser-privilege access
that allows the director to process requests for changes to the application access
roles (access types). Which
of the following should the IS auditor recommend?
Answer: A
Explanation/Reference:
QUESTION 18
Answer: C
Explanation/Reference:
QUESTION 19
Answer: C
Explanation/Reference:
QUESTION 20
A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation
Answer: C
Explanation/Reference:
QUESTION 21
An IS auditor is determining the appropriate sample size for testing the existence
of program change approvals.
Previous audits did not indicate any exceptions, and management has confirmed that
no exceptions have been
reported for the review period. In this context, the IS auditor can adopt a:
Answer: A
Explanation/Reference:
QUESTION 22
Answer: A
Explanation/Reference:
QUESTION 23
Answer: B
Explanation/Reference:
QUESTION 24
Answer: D
Explanation/Reference:
QUESTION 25
Although management has stated otherwise, an IS auditor has reasons to believe that
the organization is using
software that is not licensed. In this situation, the IS auditor should FIRST:
A. include the statement from management in the audit report.
B. verify the software is in use through testing.
C. include the item in the audit report.
D. discuss the issue with senior management because it could have a negative impact
on the organization.
Answer: B
Explanation/Reference:
QUESTION 26
During a review of a business continuity plan, an IS auditor noticed that the point
at which a situation is declared
to be a crisis has not been defined. The MAJOR risk associated with this is that:
A. assessment of the situation may be delayed.
B. execution of the disaster recovery plan could be impacted.
C. notification of the teams might not occur.
D. potential crisis recognition might be delayed.
QUESTION 27
A. Project sponsor
B. System development project team (SDPT)
C. Project steering committee
D. User project team (UPT)
QUESTION 28
An IS auditor discovers that uniform resource locators (URLs) for online control
self-assessment questionnaires
are sent using URL shortening services. The use of URL shortening services would
MOST likely increase the
risk of which of the following attacks?
Answer: Phishing
Explanation/Reference:
because phishing is a method of committing fraud by tricking the target with the
intention of stealing the target account. Phishing is often used on e-mails, where
e-mail dissemination is done to provide information that leads to fake pages for
the purpose of trapping victims.
QUESTION 29
Answer: two business units can get almost the same problem
Explanation/Reference:
because it uses a reciprocal agreement then every company has the same risk
possibilities
QUESTION 30
QUESTION 31
Which of the following is the MAIN reason an organization should have an incident
response plan? The plan
helps to:
QUESTION 32
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in
sheet but show no proof of
identity.
B. access cards are not labeled with the organization�s name and address to
facilitate easy return of a lost
card.
C. card issuance and rights administration for the cards are done by different
departments, causing
unnecessary lead time for new cards.
D. the computer system used for programming the cards can only be replaced after
three weeks in the event
of a system failure.
Answer: nonpersonalized access cards are given to the cleaning staff, who use a
sign-in sheet but show no proof of
identity.
Explanation/Reference:
because the access card is nonpersonal but shows no evidence
identity can be used to infiltrate the organization because the identity of the
card user can be someone other than the organization's employees
QUESTION 33
Answer: Faulty migration of historical data from the old system to the new system
Explanation/Reference:
because the transfer of data from the old system to the new system can result in
loss of data and the addition of risky data
QUESTION 34
Which of the following is the BEST factor for determining the required extent of
data collection during the
planning phase of an IS compliance audit?
QUESTION 35
QUESTION 36
QUESTION 37
QUESTION 38
A. System owners
B. System users
C. System designers
D. System builders
QUESTION 39
When reviewing an active project, an IS auditor observed that the business case was
no longer valid because
of a reduction in anticipated benefits and increased costs. The IS auditor should
recommend that the:
A. project be discontinued.
B. business case be updated and possible corrective actions be identified.
C. project be returned to the project sponsor for reapproval.
D. project be completed and the business case be updated later.
QUESTION 40
When auditing the archiving of the company�s email communications, the IS auditor
should pay the MOST
attention to:
QUESTION 41
While evaluating software development practices in an organization, an IS auditor
notes that the quality
assurance (QA) function reports to project management. The MOST important concern
for an IS auditor is the:
QUESTION 42
A. An impact
B. A vulnerability
C. An asset
D. A threat
Answer: A vulnerability
Explanation/Reference:
Because A vulnerability refers to system security
QUESTION 43
QUESTION 44
Which of the following issues should be the GREATEST concern to the IS auditor when
reviewing an IT
disaster recovery test?
A. Due to the limited test time window, only the most essential systems were
tested. The other systems were
tested separately during the rest of the year.
B. During the test, some of the backup systems were defective or not working,
causing the test of these
systems to fail.
C. The procedures to shut down and secure the original production site before
starting the backup site required
far more time than planned.
D. Every year, the same employees perform the test. The recovery plan documents are
not used because
every step is well known by all participants.
Answer: Every year, the same employees perform the test. The recovery plan
documents are not used because
every step is well known by all participants.
Explanation/Reference:
A disaster recovery test should test the plan, processes, people and IT systems.
Therefore, if the plan is not used, its accuracy and adequacy cannot be verified.
Disaster recovery should not rely on key staff because a disaster can occur when
they are not available. However, the fact that the test works is less serious than
the failure of the systems and infrastructure that the recovery plan counts on.
Best practice would rotate different people through the test and ensure that the
plan itself is followed and tested.
QUESTION 45
The information security policy that states �each individual must have his/her
badge read at every controlled
door� addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Answer: Piggybacking
Explanation/Reference:
piggybacking refers to when a person tags along with another person who is
authorized to gain entry into a restricted area, or pass a certain checkpoint.[1]
It can be either electronic or physical.[
QUESTION 46
When reviewing the procedures for the disposal of computers, which of the following
should be the GREATEST
concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level but are not
reformatted before leaving the
organization.
B. All files and folders on hard disks are separately deleted, and the hard disks
are formatted before leaving
the organization.
C. Hard disks are rendered unreadable by hole-punching through the platters at
specific positions before
leaving the organization.
D. The transport of hard disks is escorted by internal security staff to a nearby
metal recycling company, where
the hard disks are registered and then shredded.
Answer: All files and folders on hard disks are separately deleted, and the hard
disks are formatted before leaving
the organization.
Explanation/Reference:
So that all files and data have backups and no errors occur
QUESTION 47
Which of the following would be the BEST approach to ensure that sufficient test
coverage will be achieved for
a project with a strict end date and a fixed time to perform testing?
QUESTION 48
QUESTION 49
A. Personal firewall
B. Antivirus programs
C. Intrusion detection system (IDS)
D. Virtual local area network (VLAN) configuration
QUESTION 50
Which of the following groups is the BEST source of information for determining the
criticality of application
systems as part of a business impact analysis (BIA)?
QUESTION 51
A. Malware on servers
B. Firewall misconfiguration
C. Increased spam received by the email server
D. Unauthorized network activities
Answer: D
Explanation/Reference:
QUESTION 52
The effect of which of the following should have priority in planning the scope and
objectives of an IS audit?
Answer: A
Explanation/Reference:
QUESTION 53
From a risk management point of view, the BEST approach when implementing a large
and complex IT
infrastructure is:
Answer: C
Explanation/Reference:
QUESTION 54
Answer: A
Explanation/Reference:
QUESTION 55
Answer: B
Explanation/Reference:
QUESTION 56
The MOST appropriate action for an IS auditor to take when shared user accounts are
discovered is to:
Answer: C
Explanation/Reference:
QUESTION 57
Which of the following would MOST effectively enhance the security of a challenge-
response based
authentication system?
Answer: B
Explanation/Reference:
QUESTION 58
The PRIMARY objective of the audit initiation meeting with an IS audit client is
to:
Answer: A
Explanation/Reference:
QUESTION 59
Answer: B
Explanation/Reference:
QUESTION 60
An IS auditor observed that users are occasionally granted the authority to change
system data. This elevated
system access is not consistent with company policy yet is required for smooth
functioning of business
operations. Which of the following controls would the IS auditor MOST likely
recommend for long-term
resolution?
Answer: C
Explanation/Reference:
QUESTION 61
Answer: D
Explanation/Reference:
QUESTION 62
A. Executive management
B. IT management
C. Board of directors
D. Steering committee
Answer: B
Explanation/Reference:
QUESTION 63
To ensure that audit resources deliver the best value to the organization, the
FIRST step would be to:
A. schedule the audits and monitor the time spent on each audit.
B. train the IS audit staff on current technology used in the company.
C. develop the audit plan on the basis of a detailed risk assessment.
D. monitor progress of audits and initiate cost control measures.
Answer: C
Explanation/Reference:
QUESTION 64
A. Ensure that the IT security risk assessment has a clearly defined scope.
B. Require the IT security officer to approve each risk rating during the workshop.
C. Suggest that the IT security officer accept the business unit risk and rating.
D. Select only commonly accepted risk with the highest submitted rating.
Answer: A
Explanation/Reference:
QUESTION 65
Answer: A
Explanation/Reference:
QUESTION 66
Answer: D
Explanation/Reference:
QUESTION 67
Which of the following is the MOST efficient way to test the design effectiveness
of a change control process?
Answer: D
Explanation/Reference:
QUESTION 68
A. Transfer
B. Mitigation
C. Avoidance
D. Acceptance
Answer: B
Explanation/Reference:
QUESTION 69
Answer: C
Explanation/Reference:
QUESTION 70
An IS auditor should ensure that review of online electronic funds transfer (EFT)
reconciliation procedures
should include:
A. vouching.
B. authorizations.
C. corrections.
D. tracing.
Answer: D
Explanation/Reference:
QUESTION 71
Which of the following would BEST help to prioritize project activities and
determine the time line for a project?
A. A Gantt chart
B. Earned value analysis (EVA)
C. Program evaluation review technique (PERT)
D. Function point analysis (FPA)
Answer: C
Explanation/Reference:
QUESTION 72
Who should review and approve system deliverables as they are defined and
accomplished to ensure the
successful completion and implementation of a new business system application?
A. User management
B. Project steering committee
C. Senior management
D. Quality assurance staff
Answer: A
Explanation/Reference:
QUESTION 73
Answer: B
Explanation/Reference:
QUESTION 74
Due to resource constraints of the IS audit team, the audit plan as originally
approved cannot be completed.
Assuming that the situation is communicated in the audit report, which course of
action is MOST acceptable?
Answer: C
Explanation/Reference:
QUESTION 75
A. IS auditor
B. Database administrator
C. Project manager
D. Data owner
Answer: D
Explanation/Reference: