Isa Module 6

  • Uploaded by: Jai Prakash Agarwal
  • May 2020

1. The primary objective of auditing IT change management is to ensure that:
   a. Only approved changes were made
   b. All changes are documented
   c. Change control procedure variances are recorded and accounted for
   d. Latest version of software is used

The most appropriate answer is A (Only approved changes were made).

2. In auditing outsourcing, which of the following is the IS auditor most likely to consider for formulating scope and objectives?
   a. Benefit of outsourcing
   b. Technical skills of service providers
   c. Service Level Agreements
   d. Quality of services provided

The most appropriate answer is C (Service Level Agreements), as it is the document which defines the scope of work as well as the intended quality and objectives of outsourcing.

3. The most critical factor to be considered in segregation of duties in an IT environment is:
   a. Business operation
   b. Security policy
   c. Organization structure
   d. IT resources

The most appropriate answer is C (Organization structure), as it defines the position of an individual in the organization, and duties should be assigned on the basis of the authority given to him.

4. Which of the following is most likely to be the result of inadequate IT policies and standards?
   a. Absence of guidelines and benchmarks
   b. Security and control may be compromised
   c. Audit opinion on quality of control and security will be open to question
   d. Time required for audit will be higher

The most appropriate answer is B (Security and control may be compromised).

5. Which of the following additional duties performed by the Information Security manager poses the greatest risk to the organization?
   a. Maintaining custody of documents
   b. Operating computer hardware
   c. Entering data for processing
   d. Programming

The most appropriate answer is C (Entering data for processing), because if he enters the data himself and is also the data custodian, then management will not be able to determine the security level.

6. The most critical consideration in preparing a security policy is the:
   a. Analysis of the assets
   b. Analysis of the perceived risk
   c. Review of intellectual property to be safeguarded
   d. Availability of tools to monitor security

The most appropriate answer is B (Analysis of the perceived risk), as the security level will be determined on the basis of the risk involved.

7. The most critical consideration for an IS auditor in reviewing access authorization is to understand the:
   a. Security policies
   b. IT resources
   c. Functionalities
   d. Organisation structure

The most appropriate answer is Organisation structure.

8. In a review of job descriptions, the IS auditor's concern from a control perspective is whether they:
   a. Are current, documented and readily available to the employee
   b. Establish instructions on how to do the job and policies define authority of staff
   c. Establish responsibilities and the accountability of the employee's function
   d. Communicate management's specific expectations for job performance

The most appropriate answer is C (Establish responsibilities and the accountability of the employee's function).

9. The greatest risk on account of inadequate IT policies and standards is:
   a. Lack of benchmarks for evaluating the operations
   b. Security and control may be compromised
   c. Audit opinion on quality of control and security will be open to question
   d. Time required for audit will be higher

The most appropriate answer is Lack of benchmarks for evaluating the operations.

10. In addition to defining the policy objective, which of the following is most critical to ensure implementation of policy?
   a. Provide adequate allocation of resources
   b. Establish clear-cut responsibilities
   c. Commitment from senior management
   d. Monitor changes required on a regular basis

The most appropriate answer is B (Establish clear-cut responsibilities).

11. Which of the following is the most critical consideration in providing access to information in an enterprise?
   a. Job description
   b. Technical skills
   c. Work experience
   d. Security policies

The most appropriate answer is A (Job description).

12. For an IT Steering Committee to be effective, its members must necessarily include:
   a. Users
   b. IT Head
   c. Director
   d. Functional Head

The most appropriate answer is IT Head, as in the Steering Committee only higher management is involved and strategic issues are discussed.

13. Which of the following is not a function of the IT Steering Committee?
   a. Establish size and scope of the IT function
   b. Set priorities for IT projects
   c. Formulate IT procedures and practices
   d. Review and approve standards, policies and standards

The most appropriate answer is C (Formulate IT procedures and practices).

14. Which of the following is the basis of providing authorization and access to the employee in an enterprise?
   a. Style of management
   b. Nature of business process
   c. Type of technology
   d. Organisation structure

The most appropriate answer is D (Organisation structure).

15. The most critical consideration in IT strategy planning from the perspective of IT governance is:
   a. Senior management should formulate and implement long and short range plans
   b. IT issues as well as opportunities are adequately assessed and reflected
   c. It is aligned with the mission and business strategies of the enterprise
   d. Strategic plan must address and help determine priorities to meet business needs

The most appropriate answer is C (It is aligned with the mission and business strategies of the enterprise).

16. The primary objective of segregation of duties is:
   a. Distribution of work responsibilities as per experience
   b. Prevention/monitoring of accidental or purposeful errors/omissions
   c. Distribution of work as per technical skills
   d. Provide better services to the customers

The most appropriate answer is Prevention/monitoring of accidental or purposeful errors/omissions.

17. Which of the following relating to policies is incorrect?
   a. Provide management guidance and direction for overall effective deployment of information and its activities
   b. Provide details of actions to be taken for preventing, detecting, correcting and reporting security lapses
   c. Refers to specific security rules for particular systems
   d. State the high-level enterprise position and scope

The most appropriate answer is C (Refers to specific security rules for particular systems).

18. Which of the following is most critical for effective implementation of security?
   a. Defining and communicating individual roles, responsibilities and authority
   b. Having regular external audit of security implementation
   c. User training covering all aspects of security
   d. Senior management is well versed with the technical aspects of security

The most appropriate answer is A (Defining and communicating individual roles, responsibilities and authority).

19. Which of the following statements relating to practices is correct?
   a. Refer to implementation aspects for various information systems and related activities
   b. Outline set of steps to be performed to ensure that a policy guideline is met
   c. Provide management guidance and direction for overall effective deployment of information and its activities
   d. Formulated by senior management and represent strategic philosophy

The most appropriate answer is A (Refer to implementation aspects for various information systems and related activities).

20. The most important resource for successful deployment of information technology in an enterprise is:
   a. Effective business processes
   b. Trained human resources
   c. Well-defined organization structure
   d. Implementing latest technology

The most appropriate answer is B (Trained human resources).

21. Which among the following combinations of roles has the maximum risk?
   a. Data entry and operations
   b. Librarian and help desk
   c. System analysis and quality assurance
   d. Database administration and data entry

The most appropriate answer is D (Database administration and data entry).

22. During the preliminary stage of review of an IT strategic plan, the most critical audit procedure is to verify the existence of:
   a. Documented long range plan for facilities, hardware and system and application software
   b. Short range plans, which have been prepared outlining specific projects
   c. Specific assignments for each IT manager that support completion of short range plans
   d. Methodology for progress reporting and monitoring relating to adequacy of long/short range plans

The most appropriate answer is A (Documented long range plan for facilities, hardware and system and application software).

23. A security policy, to be most effective, has to be defined based on:
   a. Technology deployed
   b. Risk analysis
   c. User requirement
   d. Security standards

The most appropriate answer is B (Risk analysis).

24. Two overall primary goals of IT governance are:
   a. Consider critical success factors that leverage IT resources and measure them
   b. Ensure delivery of information to business and measure using key goal indicators
   c. Create and maintain system of process/control excellence and monitor business value delivery of IT
   d. Add value to business and balance risk versus return

The most appropriate answer is D (Add value to business and balance risk versus return).

25. The primary purpose in management implementing IT controls and the IS auditor reviewing these controls is to:
   a. Maintain data integrity
   b. Safeguard computers
   c. Provide assurance that business objectives are achieved
   d. Provide proper segregation of duties

The most appropriate answer is C (Provide assurance that business objectives are achieved).

26. In reviewing segregation of duties, the IS auditor, as a measure of best control, would review whether the security administrator is:
   a. Performing functions as defined
   b. Well trained in business processes
   c. Technically competent
   d. Aware of the security policy

The most appropriate answer is A (Performing functions as defined).

27. Which of the following is the most critical consideration in segregation of duties?
   a. The possibility for a single individual to subvert a critical process is prevented
   b. Senior management ensures implementation of division of roles and responsibilities
   c. Staff is performing only those duties stipulated for their respective job and positions
   d. Experienced staff review all critical functions performed by the junior staff

The most appropriate answer is A (The possibility for a single individual to subvert a critical process is prevented).

28. In an organisation providing outsourcing services, the primary objective of the business continuity plan is to ensure:
   a. Safeguard assets from a disaster
   b. Redundancy of IT resources
   c. Continuity of critical business processes as per SLA
   d. Identify single points of failure relating to technology

The most appropriate answer is C (Continuity of critical business processes as per SLA).
