Question 1
Which type of audit is performed primarily as a result of suspicious activity or alleged violations?
IT audit
Investigative audit
Compliance audit
Operational audit
Question 2
Which of the following is the definition of Control Objectives for Information and related Technology (COBIT)?
Oversight agencies that deal with administrative law, codifying, and enforcing rules.
The act of adhering to internal policies, as well as applicable laws, regulations, and industry requirements.
A framework providing best practices for IT governance and control.
An organization with the mission of promoting innovation and competitiveness through the advancement of science, standards, and technology to improve economic security and quality of life.
Question 3
A large organization's enterprise resource planning (ERP) system is being audited. Which of the following auditing scopes is most likely to apply?
Organizational
Compliance
Application
Technical
Question 4
___________ represents the controls that protect and defend information and information systems by ensuring con?dentiality, integrity, and availability.
Information assurance
Certi?cation and accreditation
Information resource management
Integrity
Question 5
The results of annual FISMA evaluations are sent to which U.S. federal agency?
Executive Office of the President
Government Accountability Office (GAO)
General Services Administration (GSA)
Office of Management and Budget (OMB)
Question 6
What is meant by compliance?
Assurance that information is not disclosed to unauthorized sources.
The act of adhering to internal policies, as well as applicable laws, regulations, and industry requirements.
An audit of federal systems prior to being placed into a production environment.
Protection of the confidentiality, integrity, and availability of data, and providing for authentication and nonrepudiation of services.
Question 7
By having sound policies in place and a framework for the application of controls, you will be able to map existing controls to each regulation, including future regulations. Thereafter, organizations perform a __________ to identify anything that is missing.
gap analysis
risk analysis
risk assessment
policy analysis
Question 8
Backup procedures for a server would be found in the _______ Domain.
User
Workstation
LAN
Remote Access
Question 9
The end users' operating environment is called the _____________.
User Domain
Workstation Domain
LAN Domain
All options are correct
Question 10
Which of the following is not a characteristic of an IT security framework?
Is a conceptual set of rules and ideas that provides structure to a complex situation
Is rigid in structure and content
Provides a consistent system of controls to which IT departments can adhere
Provides an auditor a consistent approach for conducting audits
Question 11
What term is used to describe measures to be applied to a system that are high level and provide a lot of flexibility?
Descriptive control
Prescriptive control
NIST 800-53A
Control objectives
Question 12
What term is used to describe an audit that combines the assessment of financial reporting along with the assessment of related IT controls?
ISO/IEC 27001
Integrated audit
Auditing Standard No. 5
NIST 800-53A