Practice Free IT Audit Fundamentals Certificate Exam Online Questions
What is the purpose of penetration testing?
- A . To ensure that sensitive information is disclosed
- B . To simulate a real attack and test for potential weaknesses
- C . To provide assurance that all vulnerabilities are discovered
- D . To identify all vulnerabilities in the system
B
Explanation:
Penetration testing is aimed at simulating a real attack and testing for potential weaknesses in the system.
Which characteristic ensures that computing capabilities are available over the network and can be accessed by diverse client platforms?
- A . Resource pooling
- B . Broad network access
- C . Rapid elasticity
- D . Measured service
B
Explanation:
Broad network access allows computing capabilities to be available over the network, ensuring accessibility from diverse client platforms.
Which data validation edit is effective in detecting transposition and transcription errors?
- A . Range check
- B . Check digit
- C . Validity check
- D . Duplicate check
B
Explanation:
A check digit is a numeric value appended to data to ensure the integrity of the original data; it is effective in detecting errors and alterations, including transposition and transcription errors.
What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
- A . The VPN logon could be spoofed.
- B . Malicious code could be spread across the network.
- C . The VPN gateway could be compromised.
- D . Traffic could be sniffed and decrypted.
B
Explanation:
VPN devices are robust, but enabling remote access can introduce security risks, especially when VPN traffic passes through a firewall without adequate examination.
What is the purpose of application containerization?
- A . To increase communication between applications
- B . To remove all dependencies from an application
- C . To combine multiple applications into one container
- D . To isolate applications from each other
D
Explanation:
Application containerization is used to isolate applications from each other within a running OS instance.
What is a risk associated with penetration testing?
- A . It provides assurance that all vulnerabilities are discovered
- B . It guarantees complete background checks of penetration testers
- C . It may inadvertently trigger escalation procedures
- D . It may result in sensitive information disclosure
C
Explanation:
One of the risks associated with penetration testing is that testing activities may inadvertently trigger escalation procedures that may not have been appropriately planned.
What is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:
- A . complies with security policies of the organization.
- B . has a good market reputation for service and experience.
- C . agrees to be subject to external security reviews.
- D . claims to meet or exceed industry security standards.
C
Explanation:
Obtaining an independent security review of an outsourcing vendor is critical to safeguard customer credit information.
What is meant by ‘objectivity’ in the context of IT auditing?
- A . The ability to exercise judgment with impartiality
- B . The ability to engage in acts that may discredit the auditor or the profession
- C . The ability to present recommendations with skepticism
- D . The ability to exercise judgment with partiality
A
Explanation:
In the context of IT auditing, objectivity refers to the ability to exercise judgment, express opinions, and present recommendations with impartiality.
Errors in audit procedures PRIMARILY impact which risk type?
- A . Detection risk
- B . Business risk
- C . Control risk
- D . Inherent risk
A
Explanation:
The risk that audit procedures may fail to detect material errors or fraud is known as detection risk.
What’s a feature of Agile auditing?
- A . Utilizing automated tools for real-time analysis.
- B . Choosing audit resources for specific tasks.
- C . Planning and doing IT audit work at the same time.
- D . Reporting audit results at the end of the audit.
C
Explanation:
In an Agile audit method, IT audit planning and fieldwork can overlap. Execution can commence on pre-planned steps, and if key resources or stakeholders are unavailable, only specific audit steps may be postponed, allowing other work to proceed.
