Question #1
What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?
A. Paper
B. Preparedness
C. Walk-through
D. Parallel
Correct answer: B
Question #2
IT governance is PRIMARILY the responsibility of the:
A. chief executive officer
B. board of directors
C. IT steering committee
D. audit committee
Correct answer: A
Question #3
What is often assured through table link verification and reference checks?
A. Database integrity
B. Database synchronization
C. Database normalcy
D. Database accuracy
Correct answer: B
Question #4
An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through systems logs provided by the organization's security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization's IT administration
Correct answer: B
Question #5
Assessing IT risks is BEST achieved by:
A. evaluating threats associated with existing IT assets and IT projects
B. using the firm's past actual loss experience to determine current exposure
C. reviewing published loss statistics from comparable organizations
D. reviewing IT control weaknesses identified in audit reports
Correct answer: A
Question #6
Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.
A. Documented routines
B. Authorized routines
C. Accepted routines
D. Approved routines
Correct answer: D
Question #7
Which of the following is the MOST critical step in planning an audit?
A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls
Correct answer: A
Question #8
An advantage of using sanitized live transactions in test data is that:
A. all transaction types will be included
B. every error condition is likely to be tested
C. no special routines are required to assess the results
D. test transactions are representative of live processing
Correct answer: B
Question #9
The directory system of a database-management system describes:
A. The access method to the data
B. The location of data AND the access method
C. The location of data
D. Neither the location of data NOR the access method
Correct answer: A
Question #10
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A. include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings
B. not include the finding in the final report, because the audit report should include only unresolved findings
C. not include the finding in the final report, because corrective action can be verified by the IS auditor during the audit
D. include the finding in the closing meeting for discussion purposes only
Correct answer: A
Question #11
An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to:
A. Meet business objectives
B. Enforce data security
C. Be culturally feasible
D. Be financially feasible
Correct answer: A
Question #12
Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?
A. True
B. False
Correct answer: A
Question #13
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value
B. Greater value
C. Lesser value
D. Prior audit reports are not relevant
Correct answer: B
Question #14
What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized
Correct answer: B
Question #15
To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies
Correct answer: B
Question #16
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator
Correct answer: A
Question #17
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available
B. Access controls establish accountability for e-mail activity
C. Data classification regulates what information should be communicated via e-mail
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available
Correct answer: A
Question #18
Who is responsible for the overall direction, costs, and timetables for systems-development projects?
A. The project sponsor
B. The project steering committee
C. Senior management
D. The project team leader
Correct answer: B
Question #19
When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:
A. project be discontinued
B. business case be updated and possible corrective actions be identified
C. project be returned to the project sponsor for reapproval
D. project be completed and the business case be updated later
Correct answer: D
Question #20
Parity bits are a control used to validate:
A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy
Correct answer: A
Question #21
Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
A. WAP is often configured by default settings and is thus insecure
B. WAP provides weak encryption for wireless traffic
C. WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL
D. WAP often interfaces critical IT systems
Correct answer: B
Question #22
What is used as a control to detect loss, corruption, or duplication of data?
A. Redundancy check
B. Reasonableness check
C. Hash totals
D. Accuracy check
Correct answer: D
Question #23
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Correct answer: B
Question #24
In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
A. Testing whether inappropriate personnel can change application parameters
B. Tracing purchase orders to a computer listing
C. Comparing receiving reports to purchase order details
D. Reviewing the application documentation
Correct answer: B
Question #25
In the process of evaluating program change controls, an IS auditor would use source code comparison software to:
A. examine source program changes without information from IS personnel
B. detect a source program change made between acquiring a copy of the source and the comparison run
C. confirm that the control copy is the current version of the production program
D. ensure that all changes made in the current source copy are detected
Correct answer: D
Question #26
An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:
A. report that the control is operating effectively since deactivation happens within the time frame stated in the IS policy
B. verify that user access rights have been granted on a need-to-have basis
C. recommend changes to the IS policy to ensure deactivation of user IDs upon termination
D. recommend that activity logs of terminated users be reviewed on a regular basis
Correct answer: A
Question #27
Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures
Correct answer: C
Question #28
During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?
A. Create an IT risk management department and establish an IT risk framework with the aid of external risk management experts
B. Use common industry standard aids to divide the existing risk documentation into several individual risks which will be easier to handle
C. No recommendation is necessary since the current approach is appropriate for a medium-sized organization
D. Establish regular IT risk management meetings to identify and assess risks, and create a mitigation plan as input to the organization's risk management
Correct answer: A
Question #29
Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?
A. Define a balanced scorecard (BSC) for measuring performance
B. Consider user satisfaction in the key performance indicators (KPIs)
C. Select projects according to business benefits and risks
D. Modify the yearly process of defining the project portfolio
Correct answer: C
Question #30
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?
A. Design further tests of the calculations that are in error
B. Identify variables that may have caused the test results to be inaccurate
C. Examine some of the test cases to confirm the results
D. Document the results and prepare a report of findings, conclusions and recommendations
Correct answer: A
Question #31
Which of the following would provide the highest degree of server access control?
A. A mantrap-monitored entryway to the server room
B. Host-based intrusion detection combined with CCTV
C. Network-based intrusion detection
D. A fingerprint scanner facilitating biometric access control
Correct answer: C
Question #32
An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:
A. decline the assignment
B. inform management of the possible conflict of interest after completing the audit assignment
C. inform the business continuity planning (BCP) team of the possible conflict of interest prior to beginning the assignment
D. communicate the possibility of conflict of interest to management prior to starting the assignment
Correct answer: C
Question #33
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
Correct answer: D
Question #34
An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?
A. Project sponsor
B. System development project team (SPDT)
C. Project steering committee
D. User project team (UPT)
Correct answer: A
Question #35
The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
A. Test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module
Correct answer: B
Question #36
An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?
A. That an audit clause is present in all contracts
B. That the SLA of each contract is substantiated by appropriate KPIs
C. That the contractual warranties of the providers support the business needs of the organization
D. That at contract termination, support is guaranteed by each outsourcer for new outsourcers
Correct answer: A
Question #37
Which of the following is the key benefit of control self-assessment (CSA)?
A. Management ownership of the internal controls supporting business objectives is reinforced
B. Audit expenses are reduced when the assessment results are an input to external audit work
C. Improved fraud detection since internal business staff are engaged in testing controls
D. Internal auditors can shift to a consultative approach by using the results of the assessment
Correct answer: B
Question #38
Which of the following is the dominating objective of BCP and DRP?
A. To protect human life
B. To mitigate the risk and impact of a business interruption
C. To eliminate the risk and impact of a business interruption
D. To transfer the risk and impact of a business interruption
Correct answer: A
Question #39
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
A. controls needed to mitigate risks are in place
B. vulnerabilities and threats are identified
C. audit risks are considered
D. a gap analysis is appropriate
Correct answer: B
Question #40
Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?
A. Time zone differences could impede communications between IT teams
B. Telecommunications cost could be much higher in the first year
C. Privacy laws could prevent cross-border flow of information
D. Software development may require more detailed specifications
Correct answer: B
Question #41
Which of the following IT governance best practices improves strategic alignment?
A. Supplier and partner risks are managed
B. A knowledge base on customers, products, markets and processes is in place
C. A structure is provided that facilitates the creation and sharing of business information
D. Top management mediate between the imperatives of business and technology
Correct answer: D
Question #42
Which of the following is best suited for searching for address field duplications?
A. Text search forensic utility software
B. Generalized audit software
C. Productivity audit software
D. Manual review
Correct answer: A
Question #43
What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
A. Lack of funding
B. Inadequate user participation during system requirements definition
C. Inadequate senior management participation during system requirements definition
D. Poor IT strategic planning
Correct answer: A
Question #44
Which of the following BEST supports the prioritization of new IT projects?
A. Internal control self-assessment (CSA)
B. Information systems audit
C. Investment portfolio analysis
D. Business risk assessment
Correct answer: D
Question #45
What can be implemented to provide the highest level of protection from external attack?
A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
B. Configuring the firewall as a screened host behind a router
C. Configuring the firewall as the protecting bastion host
D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
Correct answer: D
Question #46
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?
A. There could be a question regarding the legal jurisdiction
B. Having a provider abroad will cause excessive costs in future audits
C. The auditing process will be difficult because of the distance
D. There could be different auditing norms
Correct answer: D
Question #47
Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?
A. Ensuring that invoices are paid to the provider
B. Participating in systems design with the provider
C. Renegotiating the provider's fees
D. Monitoring the outsourcing provider's performance
Correct answer: B
Question #48
When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
Correct answer: D
Question #49
An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
A. True
B. False
Correct answer: B
Question #50
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Correct answer: A
Question #51
What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.
A. Accuracy check
B. Completeness check
C. Reasonableness check
D. Redundancy check
Correct answer: B
Question #52
To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
A. control self-assessment
B. a business impact analysis
C. an IT balanced scorecard
D. business process reengineering
Correct answer: D
Question #53
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:
A. rule
B. decision tree
C. semantic net
D. dataflow diagram
Correct answer: A
Question #54
Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?
A. Exposures
B. Threats
C. Hazards
D. Insufficient controls
Correct answer: D
Question #55
Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?
A. A monitored double-doorway entry system
B. A monitored turnstile entry system
C. A monitored doorway entry system
D. A one-way door that does not allow exit after entry
Correct answer: A
Question #56
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation
Correct answer: B
Question #57
Which of the following is of greatest concern when performing an IS audit?
A. Users' ability to directly modify the database
B. Users' ability to submit queries to the database
C. Users' ability to indirectly modify the database
D. Users' ability to directly view the database
Correct answer: B