Practice Free IT Audit Fundamentals Certificate Exam Online Questions
What is the main function of Error Reporting and Handling in input controls?
- A . Grouping input transactions
- B . Balancing control totals
- C . Authorization of input
- D . Identifying and correcting input errors
D
Explanation:
Error reporting and handling identifies and corrects input errors to maintain data accuracy and integrity.
What do auditors use to provide assurance that management’s actions are aligned with the enterprise’s mission?
- A . Market analysis and competitor benchmarking
- B . Financial statements and balance sheets
- C . Risk management and compliance programs
- D . Internal controls and control objectives
D
Explanation:
Auditors use internal controls and control objectives to ensure alignment of management’s actions with the enterprise’s mission.
In reviewing system development for a health care organization using production data in the test environment, what is the MOST significant potential risk?
- A . Hardware in the test environment may not be identical to the production environment.
- B . The test environment may produce inaccurate results due to use of production data.
- C . The test environment may not have adequate controls to ensure data accuracy.
- D . The test environment may not have adequate access controls implemented to ensure data confidentiality.
D
Explanation:
Test environments should have adequate access controls to prevent unauthorized access to production data.
Which control is MOST important to integrate into an AI system?
- A . Allowing unrestricted modification of critical algorithms and parameters
- B . Restricting alterations to fundamental assumptions and formulas
- C . Incorporating auditability for algorithms from the system’s outset
- D . Preventing manual intervention to avoid AI system overrides
C
Explanation:
To ensure control, it is essential to thoroughly document and appropriately explain the logic of AI algorithms, encompassing all facets of the program. Enabling auditability for AI algorithms from the beginning allows for a comprehensive understanding of the decision-making process and judgments reached by the algorithm.
What should an IT auditor do when auditing web applications?
- A . Avoid considering business and IT goals
- B . Use an attack-based approach to assess vulnerabilities
- C . Focus on technical vulnerabilities
- D . Use a risk-based approach to assess vulnerabilities
D
Explanation:
An IT auditor should apply a risk-based approach to assess web application vulnerabilities.
When an outsourced monitoring process for remote access is insufficient, and management disputes this due to the presence of intrusion detection system (IDS) and firewall controls, the IS auditor’s best course of action is:
- A . Retract the finding because the firewall rules are monitored.
- B . Revise the finding in the audit report per management’s feedback.
- C . Document the identified finding in the audit report.
- D . Retract the finding because the IDS controls are in place.
C
Explanation:
IS auditor independence requires consideration of additional information provided by the auditee, without automatically retracting or revising findings.
For a health care organization, which reason MOST likely indicates that the patient benefit data warehouse should remain in-house rather than be outsourced?
- A . Time zone differences could impede customer service.
- B . It is harder to monitor remote databases.
- C . Member service representative training cost will be much higher.
- D . There are regulations regarding data privacy.
D
Explanation:
Regulations restricting cross-border data flow may hinder locating a data warehouse in another country, affecting customer/member information.
To verify the proper management of a big data project, an IT auditor must ensure that the organization:
- A . Has assessed the risks associated with centralizing data in one location for analysis purposes.
- B . Does not exclusively perceive the project as a technology-focused endeavor.
- C . Plans to rely solely on untested and outdated data analysis approaches.
- D . Intends to analyze data using conventional relational or multidimensional database techniques.
A
Explanation:
When consolidating data elements for analysis in a central location, it is crucial to take into account technical risks. For instance, the act of centralizing data poses the risk of exposing all aggregated data to potential compromise by unauthorized users, rather than just a subset of the data. Additionally, the amalgamation of data may lead to data privacy concerns, especially if semi-anonymous information becomes non-anonymous or easily identifiable when combined.
How do deepfakes relate to the misuse of AI technology?
- A . Deepfakes are used to impact the integrity of data
- B . Deepfakes prevent secure data storage for enterprises
- C . Deepfakes have no connection to AI systems
- D . Deepfakes are used to create counterfeit videos
D
Explanation:
Deepfakes are synthetic videos created using AI that can deceive viewers into believing they are real.
The decisions and actions of an IS auditor are most likely to affect which type of risk?
- A . Detection
- B . Control
- C . Inherent
- D . Business
A
Explanation:
Detection risk, influenced by the IS auditor’s choice of procedures, is the risk that a review fails to notice a material issue.
