Practice Free IT Audit Fundamentals Certificate Exam Online Questions
What knowledge and skills are required for conducting penetration testing?
- A. Knowledge of control monitoring and evaluation
- B. Understanding of IT technology and vulnerabilities
- C. Familiarity with specialized assessments
- D. Expertise in data accuracy and completeness
B
Explanation:
Penetration testing requires specialized knowledge of vulnerabilities, exploits, IT technology, and the use of testing tools.
___________ is an attack designed to entice specific individuals or groups to obtain important information.
- A. Spear phishing
- B. Social engineering
- C. Phishing
- D. Spoofing
A
Explanation:
Spear phishing is an attack designed to entice specific individuals or groups to obtain important information.
Which NIST Cybersecurity Framework function involves the implementation of the enterprise cybersecurity awareness and training program?
- A. Respond
- B. Detect
- C. Protect
- D. Recover
C
Explanation:
The Protect function within the NIST Cybersecurity Framework incorporates the enterprise cybersecurity awareness program.
What is an important consideration when implementing effective change management procedures?
- A. Maximizing operational objectives
- B. Minimizing the identification and authentication of users
- C. Increasing the speed of IT services
- D. Ensuring integrity and reliability of systems
D
Explanation:
When implementing effective change management procedures, it is important to ensure that the integrity and reliability of systems are maintained.
Among backup techniques, what is the most appropriate when an organization requires extremely granular data restore points?
- A. Virtual tape libraries
- B. Continuous data backup
- C. Disk-based snapshots
- D. Disk-to-tape backup
B
Explanation:
Recovery Point Objective (RPO) determines acceptable data loss, making continuous data backup the preferred option for organizations with short RPOs.
On finding that a disaster recovery plan (DRP) for critical business functions does not cover all systems, what is the most appropriate course of action for the IS auditor?
- A. Cancel the audit.
- B. Complete the audit of the systems covered by the existing DRP.
- C. Alert management and evaluate the impact of not covering all systems.
- D. Postpone the audit until the systems are added to the DRP.
C
Explanation:
An IS auditor should alert management if certain systems are omitted from the disaster recovery plan, evaluating the impact of this omission.
What "as a service" model provides a platform for software development and remote configuration?
- A. Platform as a Service (PaaS)
- B. Cyber as a Service (CaaS)
- C. Software as a Service (SaaS)
- D. Infrastructure as a Service (IaaS)
A
Explanation:
The Platform as a Service (PaaS) model provides a platform for software creation and remote configuration.
When reviewing data file change management controls, what best helps decrease the research time needed to investigate exceptions?
- A. File updating and maintenance authorization
- B. Data file security
- C. Transaction logs
- D. One-for-one checking
C
Explanation:
Audit trails generated by logs provide detailed information on input date, time, user ID, and location, aiding in exception investigations and transaction tracking.
The timing of a follow-up program by an IT auditor to assess the implementation of agreed-upon corrective actions by the auditee is MOST determined by:
- A. The number of audit findings
- B. The criticality of the audit findings
- C. The alphabetical order of the audit findings
- D. The duration since the completion of the audit
B
Explanation:
Establishing a follow-up program is essential for an IT auditor to verify the implementation of agreed-upon corrective actions. The timing of this follow-up depends on the criticality of the findings and is left to the IT auditor’s judgment.
What "as a service" model offers virtual machines, abstracted hardware, and operating systems to clients without the necessity of on-premise equipment?
- A. Cyber as a Service (CaaS)
- B. Infrastructure as a Service (IaaS)
- C. Platform as a Service (PaaS)
- D. Software as a Service (SaaS)
B
Explanation:
The Infrastructure as a Service (IaaS) model provides virtual machines, other abstracted hardware, and operating systems to clients without the need for on-premise equipment.
