CISA Practice Test On Auditing! Trivia Quiz!
Settings
Information is one of the most valuable assets in any organization. It is the utmost priority of every organization and to protect and guard information that is in their possession jealously. Today, qualified Certified Information Systems Auditor is forced to acknowledge the need to share information safely in the IT world. This quiz is aimed at testing your ability on CISA auditing.
- 1.Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
- A.
Response
- B.
Correction
- C.
Detection
- D.
Monitoring
- 2.The PRIMARY objective of an audit of IT security policies is to ensure that:
- A.
They are distributed and available to all staff
- B.
Security and control policies support business and IT objectives.
- C.
There is a published organisational chart with functional descriptions.
- D.
Duties are appropriately segregated.
- 3.Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
- A.
User management coordination does not exist
- B.
Specific user accountability cannot be established
- C.
Audit recommendations may not be implemented
- D.
Unauthorised users may have access to originate, modify or delete data
- 4.The advantage of a bottom-up approach to the development of organisational policies is that the policies:
- A.
Are developed for the organisation as a whole.
- B.
Are more likely to be derived as a result of a risk assessment.
- C.
Will not conflict with overall corporate policy.
- D.
Will not conflict with overall corporate policy.
- 5.When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
- A.
Establishment of a review board.
- B.
Creation of a security unit.
- C.
Effective support of an executive sponsor
- D.
Selection of a security process owner
- 6.The development of an IS security policy is ultimately the responsibility of the: mark one answer:
- A.
IS department
- B.
Security committee
- C.
Security administrator
- D.
Board of directors.
- 7.When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
- A.
Incorporates state of the art technology.
- B.
Addresses the required operational controls
- C.
Articulates the IT mission and vision
- D.
Specifies project management practices.
- 8.When reviewing an organisation's strategic IT plan an IS auditor should expect to find:
- A.
An assessment of the fit of the organisation's application portfolio with business objectives
- B.
Actions to reduce hardware procurement cost.
- C.
A listing of approved suppliers of IT contract resources.
- D.
A description of the technical architecture for the organisation's network perimeter security.
- 9.Which of the following is of most significant concern when performing an IS audit?
- A.
Users' ability to submit queries to the database
- B.
Users' ability to directly modify the database.
- C.
Users' ability to indirectly modify the database
- D.
Users' ability to directly view the database
- 10.What are intrusion-detection systems (IDS) primarily used for?
- A.
To identify and prevent intrusion attempts to a network.
- B.
To prevent intrusion attempts to a network
- C.
Forensic incident response
- D.
To identify intrusion attempts to a network
Back to top