Practice Quiz

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Practice Quiz

After you enter a purchase order in an on-line system, you get the message, “The request could not be processed due to lack of funds in your budget”. This is an example of error? *

1 point

Detection

Correction

Prevention

Recovery

Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? *

1 point

The use of diskless workstations

Periodic checking of hard drives

The use of current antivirus software

Policies that result in instant dismissal if violated.

For effective computer capacity planning the most essential activity is: *

1 point

Liaising with the management and hardware suppliers

Evaluating for the cheapest Hardware

Determining the workload of applications

Evaluating a cost effective DBMS

In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: *

1 point

the availability of CAATs.

management's representation.

organizational structure and job responsibilities.

the existence of internal and operational controls

An IS auditor reviewing a proposed application software acquisition should ensure that the: *

1 point

operating system (OS) being used is compatible with the existing hardware platform.

planned OS updates have been scheduled to minimize negative impacts on company needs.

OS has the latest versions and updates.

products are compatible with the current or planned OS.

Which of the following is a benefit of a risk-based approach to audit planning? *

1 point

Audit scheduling may be performed months in advance.

Audit budgets are more likely to be met by the IS audit staff.

Audit staff will be exposed to a variety of technologies.

Audit resources are allocated to the areas of highest concern.

Which of the following is a risk of availing cloud computing services? *

1 point

Dependence on third party

Ability to access the application & data from anywhere

Reduced Hardware Costs

Reduced need for physical space

Which of the following is most important critical success factor for ERP? *

1 point

Expense & Time in implementation.

Vendor Lock in

Improved Data Access

Selection and configuration of ERP package

Overall business risk for a particular threat can be expressed as *

1 point

a product of the probability and magnitude of the impact of a threat successfully exploits vulnerability.

the magnitude of the impact should a threat source successfully exploit the vulnerability.

the likelihood of a given threat source exploiting a given vulnerability

the collective judgment of the risk assessment team

The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: *

1 point

information assets are overprotected

a basic level of protection is applied regardless of asset value

appropriate levels of protection are applied to information assets

an equal proportion of resources are devoted to protecting all information assets

Which of the following is a substantive test? *

1 point

Checking a list of exception reports

Ensuring approval for parameter changes

Using a statistical sample to inventory the tape library

Reviewing password history reports

Which of the following is NOT generally considered a category of Audit Risk? *

1 point

Detection Risk

Scoping Risk

Inherent Risk

Control Risk

The most common reason for the failure of information systems to meet the needs of users is that: *

1 point

user needs are constantly changing

the growth of user requirements was forecast inaccurately

the hardware system limits the number of concurrent users.

user participation in defining the system's requirements was inadequate.

What means the rate at which opinion of the IS Auditor would change if he selects a larger sample size? *

1 point

Audit Risk

Materiality

Risk Based Audit

Controls

The decision and actions of an IS Auditor are most likely to affect which of the following *

1 point

Inherent Risk

Detection Risk

Control Risk

Business Risk

An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: *

1 point

implemented a specific control during the development of the application system

designed an embedded audit module exclusively for auditing the application system

participated as a member of the application system project team, but did not have operational responsibilities

provided consulting advice concerning application system best practices

Reviewing management's long-term strategic plans helps the IS auditor: *

1 point

Gains an understanding of an organization's goals and objectives.

Tests the enterprise's internal controls.

Assess the organization's reliance on information systems.

Determine the number of audit resources needed.

Which of the following is not a type of internal controls? *

1 point

Detective

Corrective

Preventive

Administrative

A Company selling used computers would ensure that: *

1 point

The computers were not used to store confidential data.

A nondisclosure agreement has been signed.

Data from data storage media are Erased

No backups are retained

The PRIMARY advantage of a continuous audit approach is that it: *

1 point

does not require an IS auditor to collect evidence on system reliability while processing is taking place

requires the IS auditor to review and follow up immediately on all information collected

can improve system security when used in time-sharing environments that process a large number of transactions

does not depend on the complexity of an organization's computer systems

Which of the following would be of concern for an information system auditor auditing BPO (Business Process Outsourcing) Service provider? *

1 point

BPO has identified all External Compliance requirements.

BPO exceeds Turn Around Time defined in SLA

BPO has a documented security policy

BPO has a proper Background checks for staff

Senior management has requested that an IS auditor assist the departmental management in the implementation of necessary controls. The IS auditor should: *

1 point

refuse the assignment since it is not the role of the IS Auditor

inform management of his/her inability to conduct future audits

perform the assignment and future audits with due professional care

obtain the approval of user management to perform the implementation and follow-up

An audit charter should: *

1 point

be dynamic and change often to coincide with the changing nature of technology and the audit profession

clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls

document the audit procedures designed to achieve the planned audit objectives

outline the overall authority, scope and responsibilities of the audit function

An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of *

1 point

Variable sampling

Substantive testing

Compliance testing

Stop-or-go sampling

From the perspective of Hardware maintenance, which is the best option?MTBF stands for "Mean Time between Failures" and MTTR stands for "Mean Time to recover" *

1 point

Low MTBF and Low MTTR

Low MTBF and High MTTR

High MTBF and Low MTTR

High MTBF and High MTTR

To Take care of e-waste regulations we need: *

1 point

Hardware Monitoring Plans

Audit of Hardware

Hardware Maintenance Plans

Hardware Retirement Policies

Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? *

1 point

Multiple cycles of backup files remain available

Access controls establish accountability for e-mail activity

Data classification regulates what information should be communicated via e-mail

Within the enterprise, a clear policy for using e-mail ensures that evidence is available

Which of the following sampling methods is MOST useful when testing for compliance? *

1 point

Attribute sampling

Variable sampling

Stratified mean per unit

Difference estimation

When choosing off-the-shelf software, which of the following are the two most important criteria? *

1 point

Documentation and response time

Flexibility and functionality

Vendor viability and vendor support

Cost and functionality

Which of the following are most commonly used to mitigate risks discovered by organizations? *

1 point

Controls

Personnel

Resources

Threats

Submit

Clear form

This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy

Forms