Practice Free IT Audit Fundamentals Certificate Exam Online Questions
Which action should an IT auditor take FIRST if a major fraud is identified?
- A . Report it to law enforcement or regulators only
- B . Report it to enterprise management only
- C . Communicate it in a timely manner to the audit committee
- D . Perform thorough analysis to determine the effect of the act
D
Explanation:
An operational audit examines whether IT operations are being accomplished efficiently and meeting effectiveness targets.
When reviewing an enterprise’s system development testing policy, what statement concerning the use of production data for testing would the IS auditor consider MOST appropriate?
- A . Senior IS and business management must approve use before production data can be used for testing.
- B . Production data can never be used. All test data must be developed and based on documented test cases.
- C . Production data can be used if they are copied to a secure test environment.
- D . Production data can be used provided that confidentiality agreements are in place.
A
Explanation:
Using production data for testing carries risks, so its use requires flexibility and conditions that mitigate those risks.
What is the PRIMARY purpose of specific IT control objectives?
- A . Safeguarding assets
- B . Ensuring integrity of general OS environments
- C . Ensuring system development life cycle processes
- D . Authorization of the input
A
Explanation:
Specific IT control objectives focus on safeguarding assets so that information on automated systems is up to date and secure from improper access.
What is the purpose of evaluating the disaster recovery plan?
- A . To review the marketing strategy of the enterprise
- B . To assess the cost of the disaster recovery plan
- C . To evaluate the enterprise’s preparedness for a major business disruption
- D . To assess the HR policies of the enterprise
C
Explanation:
The purpose of evaluating the disaster recovery plan is to assess the enterprise’s preparedness in the event of a major business disruption.
What is the BIGGEST concern regarding a superintelligent AI system?
- A . It can take over human decision-making.
- B . It can duplicate itself.
- C . It lacks the ability to offer economic or military advantages.
- D . It can only learn when supervised by humans.
A
Explanation:
A superintelligent AI system may become a security threat if it considers humans unable to make their own decisions and takes over.
In which type of testing do the penetration tester and the security staff have limited knowledge of the test?
- A . External testing
- B . Double blind testing
- C . Blind testing
- D . Targeted testing
B
Explanation:
Double blind testing is an extension of blind testing in which the administrator and security staff at the target are also unaware of the test.
What is the PRIMARY purpose of assessing third-party risk management?
- A . To assess whether the third party is compliant with the agreement
- B . To review employee competency
- C . To evaluate customer satisfaction
- D . To assess the environmental impact of third-party operations
A
Explanation:
The purpose of assessing third-party risk management is to assess whether the third party is compliant with the terms of the agreement with the enterprise.
What differentiates a private cloud deployment model?
- A . Use of metatags to segregate client data
- B . Communal sharing of processing power and storage capacity
- C . Involvement of a single client or enterprise
- D . Multiple clients from different enterprises
C
Explanation:
A private cloud serves a single client, whether an individual or an enterprise.
Man-in-the-middle attacks ___________.
- A . transfer information between systems using existing infrastructure
- B . intercept communication between two components of a victim system, replacing the traffic with the intruder’s own data to eventually assume control of the communication.
- C . conceal messages, images, or files within others, often using media files due to their large size.
- D . deceive users or administrators into divulging confidential information, allowing unauthorized access to systems through manipulation and trickery.
B
Explanation:
Man-in-the-Middle (MitM) attacks intercept communication between two components of a victim system, replacing the traffic with the intruder’s own data to eventually assume control of the communication.
What will BEST ensure the successful offshore development of business applications?
- A . Detailed and correctly applied specifications
- B . Stringent contract management practices
- C . Post-implementation review
- D . Awareness of cultural and political differences
A
Explanation:
Detailed specifications are crucial for offshore operations to bridge language differences and communication gaps between developers and remote end users, preventing misunderstandings and inaccurate specifications.
