eisa@infosysauditor.com
MOCK TEST
a. Vendor support
b. Security & training
c. Employees always want to work with leading-edge companies, and this beta test helps towards that cause
d. Helps to retain employees in the organization
a. Reconciling accounts
b. Determining whether policies are available
c. Determining whether controls are functioning
d. Determining whether documentation is available
a. Access list
b. Encrypted password
c. Remote logon procedure
d. Application log-on procedure
a. A log
b. Hash totals
c. Batch totals
d. A check-digit control
a. Access list
b. Encrypted password
c. Remote log-on procedure
d. Application log-on procedure
6. An Information Systems Auditor’s primary consideration regarding internal
control policies, procedures, and standards available in the IS department
is whether they are:
a. Documented
b. Distributed
c. Followed
d. Approved
11. While performing an audit under regulatory requirements, the auditor suspects a fraud. In such a case, to whom should he report?
a. The management
b. The stakeholders
c. Shall consult the legal experts
a. Inform the management about this situation and take up the audit
b. Decline to perform the audit
c. Involve in the development of application
d. Perform the audit. Since the IS auditor was part of the development team, he could perform the audit in a better manner.
14. Which of the following is the most likely sequence of phases in the system
development process:
15. During the exit interview, the IS manager argues with the IS auditor about the correctness of the findings. What should the IS auditor do in this situation?
18. The database administrator has primary responsibility for defining the:
a. Internal schema
b. Logical schema
c. External schema
d. Conceptual schema
19. Which of the following ensures that IT governance is aligned with business
and enterprise strategy?
a. Value analysis
b. Business impact analysis
c. Critical path analysis
d. Break-even point analysis
20. Which of the following activities carried out by the database administrator
is unlikely to be recorded on a machine log maintained by the operating
system or by the database management system:
a. Post-implementation
b. Just before going live
c. During acceptance test
d. During implementation
a. Cost-benefit analysis
b. Design phase
c. Development tools
d. Requirement analysis
a. The risk that cannot be handled by the installation and will not be
handled by an insurance company
b. The risk remaining after risks have been controlled by system
design, installation of security measures, and regular security
audits
c. The risk that must be treated as a cost of doing normal operations
d. The risk not covered in the insurance policies for data processing
assets
a. Fall-back procedures
b. Fault tolerant
c. Re-configuration
d. Hardware redundancy
32. Which of the following actions should be undertaken when a file retention
date expires:
33. The use of Simple Object Access Protocol (SOAP) does which of the following?
a. Possessed objects
b. Personal information
c. Remembered information
d. Dialog information
a. Benchmark
b. ISO standards
c. Risk assessment
d. IS audit
a. Simplicity
b. Small Key
c. Low error propagation
d. Low work factor
37. When an organization compares its performance with similar organizations in its industry, which of the following can be used as an effective tool?
a. Benchmark
b. IT scorecard
c. Gap Analysis
d. Business Process Re-engineering (BPR)
a. Removed controls
b. Performance monitoring
c. Process efficiency
d. Customer satisfaction
a. Defined
b. Managed
c. Optimizing
d. Ad-hoc
42. Which of the following actions should not be undertaken when plastic
debit/credit cards are issued:
a. Mail the cards in an envelope that does not identify the name of the
issuing institution
b. Make two different groups responsible for the mailing of cards and
the investigation of returned cards
c. Use pre-mailers to detect invalid addresses
d. Mail the card and the PIN mailer together in a registered envelope
44. Which of the following events is not recorded on a public audit trail in a
digital signature system:
a. Record check
b. Set membership check
c. Field check
d. Batch check
a. Record check
b. Batch check
c. Field check
d. Alphabetic/numeric check
a. Reducing anomalies
b. Operation efficiency
c. Enforcing data security
d. Storing database related index and description
a. Referential integrity
b. Table lookup
c. Existence check
d. Completeness check
52. The purpose of a retention date for a magnetic tape file is to:
a. Sender identity
b. Sender host identity
c. Message path traveled
d. Recipient’s identity
54. During the data input process, the primary purpose of registers and control
totals is to:
a. Ensure errors are corrected and corrected only once
b. Ensure all data enters the system
c. Enable changes in the patterns of input errors to be identified
d. Identify which types of input resources are being consumed so the
efficiency of input validation processes can be improved
55. The retention period of audit trails and logs depends upon:
a. Message modification
b. Denial of message service
c. Traffic analysis
d. Changed message order
59. When disposing of write-once media, what is the best course of action?
60. The type of modulation method that performs best in terms of the number of line errors that arise is:
a. Phase modulation
b. Analog modulation
c. Frequency modulation
d. Amplitude modulation
a. Downtime reports
b. Response time
c. Call Log Report of help desk
d. Utilization report
a. Dynamic equalization
b. Automatic dial-up capabilities
c. Multiple transmission speeds
a. CO2
b. Dry-pipe
c. Wet-pipe
d. Halon
a. A digital line
b. A conditioned line
c. An optical fiber line
d. A satellite line
65. Which of the following is not a suitable topology when there is heavy traffic in the network?
a. Bus
b. Ring
c. Star
d. Mesh
a. Multiplexing technique
b. Line conditioning technique
c. Concentration technique
d. Modulation technique
a. WEP security
b. WPA security
c. MAC filtering
d. SSID was disabled
a. Star network
b. Completely connected network
c. Ring network
d. Multidrop line network
a. Integrity
b. Privacy
c. Availability
d. Confidentiality
a. Message insertion
b. Traffic analysis
c. Spurious associations
d. Change of message order
71. If enabled, which of the following will pose a great risk to the organization?
a. FTP
b. HTTP
c. SNMP
d. SMTP
73. To prevent a virus from spreading through the network, which of the following services should be blocked?
a. Anonymous FTP
b. Uploading of files
c. Access to external websites
d. Mail services
a. Identification
b. Authentication
c. Privacy
d. Availability
a. Authentication
b. Confidentiality
c. Integrity
d. Availability
a. Authentication
b. Confidentiality
c. Integrity
d. Availability
79. Which of the following enables the IS auditor to understand the firewall
configuration?
a. Review rule-base
b. Conduct penetration test
c. Interview the Security Admin
d. Review firewall installation manual
83. While auditing the IS function of an organization, the IS auditor was told by the client that an external auditor has recently completed the assessment. Which of the following can an IS auditor do?
a. Repudiation
b. Confidentiality
c. Integrity
d. Availability
86. Contingency planning for local area networks should consider all of the
following except:
a. Password length
b. Password lifetime
c. Password Secrecy
d. Password Storage
91. Which of the following is a concern while using Voice over Internet Protocol (VoIP)?
a. A form of authenticator
b. An actual signature written on the computer
c. The same as the checksum
d. Different from analog signature
96. Identify the computer-related crime and fraud method which involves obtaining information that may be left in or around a computer system after the execution of a job.
a. Data diddling
b. Salami technique
c. Scavenging
d. Piggybacking
98. In an electronic data interchange (EDI) system, which one of the following
is not a formatting standard?
101. An organization takes full backups and incremental backups. Which of the following ensures its recoverability when a disruption occurs?
a. It should be knowledge-based
b. It should be cycle-based
c. It should be request-based
d. It should be risk-based
a. Mitigation
b. Avoidance
104. Which one of the following items includes the other three items?
a. Inherent risk
b. Control risk
c. Audit risk
d. Detection risk
a. IT balanced scorecard
b. Benchmarking
c. IS auditor’s report
d. IS Policy & Strategy defined by the Board
a. User
b. Sponsor
c. Owner
d. Customer
a. Firewall
b. Password encryption
c. IDS
d. SSL
a. IT planning
b. IT governance
c. IT standards
d. IT infrastructure
a. Stop entry
b. Exit entry
c. Entry point
d. Pause entry
a. Make money
b. Expand the business
c. Save money
d. Increase revenues
a. Assessment facilitator
b. Risk assessment
c. Control assessment
d. Independent review
a. Cost drivers
b. Business drivers
c. Technology drivers
d. Decision drivers
a. Certification authority
b. Registration authority
c. Certificate revocation list
d. Certificate of practice
a. Cost strategy
b. Business strategy
c. Staffing strategy
d. Computing strategy
115. The certification authority is responsible for issuing the private key in PKI. When the Certification Authority (CA) encrypts a message, it will encrypt
116. Preventive controls against private branch exchange (PBX) or voice mail
system attacks do not include which of the following?
117. The auditor concludes that the internal control is strong and expects to find errors at a minimum level. Which sampling method can the auditor make use of?
a. Attribute sampling
b. Stop or go sampling
c. Variable sampling
d. Discovery sampling
118. All of the following are controls against network service attacks except:
120. Which of the following tools is most useful in detecting security intrusions?
121. The IS auditor finds that a PC was used to perpetrate a fraud. The auditor should report this matter to
122. Which of the following design objectives is most important for a local area
network?
a. IT balanced scorecard
b. Risk assessment
c. Benchmark
d. Business Process re-engineering (BPR)
a. Auditing requirements
b. Passwords
c. Identification controls
d. Authentication controls
a. Asset
b. Threat
c. Vulnerability
d. Controls
126. Which of the following provides both integrity and confidentiality services for data and messages?
a. Digital signatures
b. Encryption
c. Cryptographic checksums
d. Granular access control
a. Leased line
b. Alternate site for processing
c. Off-site backup facilities
d. Hardware maintenance program
a. Digital signature
b. Authentication
c. Encryption
d. Data integrity
129. An organization makes use of DBMS software for data and information
storage. Which of the following is less risky when considered for data
retrieval?
a. View
b. Join
c. Trigger
d. Merge
a. Audit trails
b. Access control lists
c. Security clearances
d. Host-based authentication
131. An IS auditor conducts a review of a data center. What should the auditor do to evaluate its performance?
a. Top–down approach
b. Bottom-up approach
c. Combination of top–down and bottom-up approaches
d. Consultant-directed approach
135. Which of the following provides the BEST security for a wireless network?
a. Prototype
b. Iterative
c. Pilot
d. Grand design
139. User acceptance test planning happens at which stage of SDLC process?
a. Feasibility study
b. Requirement analysis
c. Design
d. Implementation
a. Flowchart
b. Process chart
c. Gantt chart
d. Data chart
141. Which of the following statements about Alpha and Beta tests is not correct?
a. Alpha and Beta tests help to plug the loopholes in the security and controls of the product
b. They help to retain IS-skilled employees in the organization, as skilled software professionals always like to work with leading-edge technology companies
c. They help to establish a relationship with the users
d. They help to penetrate the market much earlier than the competitors
145. A software development company has its process certified by ISO under
ISO 9001 quality process. This implies that
a. Easy in use
b. Enrollment
c. Acceptance of users
d. Security of the biometric sample
149. The risks of a network-based Intrusion Detection System (IDS) are:
153. The BEST medium for storage of information for archival purposes is
a. Magnetic Tape
b. Hard Disk
c. WORM disk drives
d. Floppy Disk
154. From information systems audit perspective, which of the following is the
most valuable asset in an information system facility:
a. Hardware
b. Database
c. Personnel
d. Software
155. A few master file records containing the details of suppliers with standing orders were deleted accidentally. Which of the following would have prevented such an occurrence?
a. Existence Check
b. Referential integrity
c. Limit Check
d. Reasonableness Check
157. When converting the data from the old legacy system to the newly migrated system of a foreign exchange dealer, the exchange rate was accidentally modified. Which of the following would detect that?
a. Limit Check
b. Range Check
c. Sequence check
d. Validity check
159. To protect the hardware from a power surge, which of the following is to be used:
a. Detective control
b. Corrective control
c. Preventive control
d. Redundancy control
a. Halon Gas
b. Carbon dioxide
c. Dry-pipe sprinkler system
d. FM2
162. Under which circumstance will the level of achieved audit risk decrease?
164. Over which type of risk does the auditor have greatest control?
a. Password
b. Encryption with password tables
c. Smart card and user password
d. Smart card and bio-metrics
167. The measure which would protect the information when the password is sniffed
168. The primary factor affecting the design of a data-entry screen is:
171. An IS auditor contended that there are weaknesses in the controls and recommended implementation of further controls. But the management argued that it is unnecessary, as no incident has taken place so far. What evidence would have forced the auditor to come to this conclusion?
a. Vulnerability assessment
b. A report in the media about a fraud that happened in a similar industry due to lack of internal control
c. Statistical sampling findings
d. Auditor’s own judgment based on his past experience
a. Truncation error
b. Double transposition error
c. Random error
d. Transcription error
175. A banking company uses a fireproof cabinet to store its data backups. In using the fireproof cabinet, which of the following should be considered?
176. Given the code 7215, modulus 13, and the weights 2-1-2-1, the check digit
is:
a. 1
b. 10
c. 0
d. 3
178. Which of the following guidelines should not be used when designing a
batch?
a. Normalization
b. Entity integrity
c. Internal Scheme
d. Referential integrity
a. Arithmetic capabilities
b. File reorganization capabilities
c. File access capabilities
d. File creation and updating capabilities
a. Concurrency control
b. Atomicity
c. Integrity
d. Durability
a. VPN
b. SSL
c. Symmetric encryption
d. Asymmetric encryption
188. Which of the following tasks probably would be most difficult to perform
using utility software?
190. Which of the following utilities can be used to directly examine the
authenticity, accuracy, and completeness of program logic?
a. Test data
b. Independent program review
c. Source and object code comparison
d. Time stamp review of source and object code
a. Inference engine
b. Knowledge acquirer
c. Knowledge base
d. Tutor
a. Input components
b. Output components
c. Hidden components
d. Connection weight components
a. Confidentiality
b. Integrity
c. Availability
d. Durability
198. Which of the following types of database access control will prevent
personnel clerks from accessing the names of employees whose salaries
exceed Rs. 30,000 unless they are seeking to perform some type of
statistical function?
200. An audit trail record should include sufficient information to trace a user's actions and events. Which of the following items of information in the audit trail record would help determine whether the user was a masquerader or the actual person specified?