CISA Practice Questions IT Governance
An IS auditor who is reviewing application run manuals would expect them to contain:
A. Details of source documents.
B. Error codes and their recovery actions.
C. Program logic flowcharts and file definitions.
D. Change records for the application source code.
6. An IS auditor performing a review of the MIS department discovers that formal project approval procedures do not exist. In the absence of these procedures, the MIS manager has been arbitrarily approving projects that can be completed in a short duration and referring other, more complicated projects to higher levels of management for approval. The IS auditor should recommend FIRST that:
A. Users participate in the review and approval process.
B. Formal approval procedures be adopted and documented.
C. All projects are referred to appropriate levels of management for approval.
D. The MIS manager job description be changed to include approval authority.
7. An IS auditor performing an audit of the company's information system (IS) strategy would be LEAST likely to:
A. Assess IS security procedures.
B. Review both short and long-term IS strategies.
C. Interview appropriate corporate management personnel.
D. Ensure that the external environment has been considered.
16. Which of the following is LEAST likely to be associated with an incident response capability?
A. Developing a database repository of past incidents and actions to facilitate future corrective actions.
B. Declaring the incident, which not only helps to carry out corrective measures but also improves the awareness level.
C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident.
D. Establishing multi-disciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
17. An IS auditor has recently discovered that, because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action that the IS auditor should take is to:
A. Advise senior management of the risk involved.
B. Agree to work with the security officer on these shifts as a form of preventative control.
C. Develop a computer-assisted audit technique to detect instances of abuse of this arrangement.
D. Review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
18. Employee termination practices should address all of the following EXCEPT:
A. Arrangement for the final pay and removal of the employee from the active payroll files.
B. Notification to other staff and facilities security to increase awareness of the terminated employee's status.
C. Employee bonding to protect against losses due to theft.
D. Deletion of assigned logon IDs and passwords to prohibit system access.
19. Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?
A. Yes, because the IS auditor will evaluate the adequacy of the service bureau's plan and assist his/her company in implementing a complementary plan.
B. Yes, because, based on the plan, the IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract.
C. No, because the backup to be provided should be adequately specified in the contract.
D. No, because the service bureau's business continuity plan is proprietary information to which users' IS auditors are not usually allowed access.
20. A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's vast experience and:
A. The length of service, since this will help ensure technical competence.
B. The individual's age, as training in audit techniques may be impractical.
C. IS knowledge, since this will bring enhanced credibility to the audit function.
D. Existing IS relationships, where the ability to retain audit independence may be difficult.
21. Which of the following key performance indicators would an IS manager be LEAST likely to systematically report to the board of directors?
A. Average response time to users' requirements
B. Cost per transaction
C. IS costs per area
D. Disk storage space free
22. Which of the following is NOT an advantage of cross-training employees?
A. It provides for succession planning
B. It decreases dependence on one employee
C. It provides back-up personnel in the event of absence
D. It allows individuals to understand all parts of a system
23. While conducting an audit of management's planning of IS, what would an IS auditor consider the MOST relevant to short-term planning for the IS department?
A. Allocating resources
B. Keeping current with technology advances
C. Conducting control self-assessment
D. Evaluating hardware needs
24. Which of the following IS functions may be performed by the same individual without compromising control or violating segregation of duties?
A. Job control analyst and applications programmer
B. Mainframe operator and system programmer
C. Change / problem and quality control administrator
D. Application and system programmer