Practice Free IT Audit Fundamentals Certificate Exam Online Questions
Why is it MOST important for IT auditors to maintain their competencies?
- A . To decrease the cost of performing an IT audit
- B . To disclose information obtained during an IT audit
- C . To reduce the level of testing in audits
- D . To comply with developments in professional standards
D
Explanation:
IT auditors need to maintain their competencies to comply with developments in professional standards, ensure technical competence, and address all concerns regarding the application of standards during the conduct of the audit.
How can an IS auditor ascertain whether unauthorized modifications were made to production programs?
- A . Analytical review
- B . Forensic analysis
- C . Compliance testing
- D . System log analysis
C
Explanation:
Reviewing the change management process provides evidence of authorized modifications to production programs, aiding in consistent application.
Which practice is BEST for ensuring the integrity of a server’s operating system?
- A . Hardening the server configuration
- B . Implementing activity logging
- C . Protecting the server in a secure location
- D . Setting a boot password
A
Explanation:
Hardening involves configuring a system in the most secure manner, installing the latest security patches, defining access authorization, disabling insecure options, and uninstalling unused services. This prevents nonprivileged users from gaining unauthorized access and ensures the integrity of the operating system.
What are management assertions?
- A . Formal declarations made by the board of directors
- B . Formal declarations made by IT auditors
- C . Formal declarations made by external regulators
- D . Formal declarations made by senior management
D
Explanation:
Management assertions are formal declarations made by senior management about the business.
In the event of a data center disaster, what would be the MOST appropriate strategy to enable a complete recovery of a critical database?
- A . Hard disk mirroring to a local server
- B . Daily data backup to tape and storage to a remote site
- C . Real-time replication to a remote site
- D . Real-time data backup to the local storage area network
C
Explanation:
Real-time replication to a remote site ensures that data is updated in two separate locations, preventing data loss if a disaster strikes one site, assuming both sites are not affected by the same disaster.
What is the primary purpose of Batch Controls and Balancing in input controls?
- A . Handling error reports
- B . Identifying input errors
- C . Grouping input transactions for control totals
- D . Verifying total items in a transaction
C
Explanation:
Batch controls and balancing group input transactions to provide control totals, which are used to check accuracy and completeness.
What type of services can an external audit firm provide?
- A . Human resource management
- B . Consulting on marketing strategies
- C . Independent audit of financial statements
- D . Maintenance of IT systems
C
Explanation:
An external audit firm provides services like independent audit of financial statements, risk and regulatory compliance, and managed services related to controls testing.
A company determined that its web site was compromised, and a rootkit was installed on the server hosting the application.
What choice would have most likely prevented the incident?
- A . Operating system patching
- B . A host-based intrusion prevention system
- C . A firewall
- D . A network-based intrusion detection system
B
Explanation:
A host-based intrusion prevention system prevents unauthorized alterations to the host: during a malware attack, it denies the installation of a rootkit without the administrator’s consent.
What action could be taken to ensure the portability of an application connected to a database?
- A . Verification of database import and export procedures
- B . Usage of a Structured Query Language
- C . Analysis of stored procedures/triggers
- D . Synchronization of the entity-relation model with the database physical schema
B
Explanation:
Using Structured Query Language (SQL) supports portability because it is a widely adopted industry standard.
Which cloud deployment model presents the greatest security and risk challenges?
- A . Private cloud
- B . Hybrid cloud
- C . Community cloud
- D . Public cloud
D
Explanation:
Public cloud models tend to present the greatest assurance challenges for security and risk managers.
