Information Technology Audit MCQ
Information Technology Audit MCQ contains a set of 10 Information Technology Audit MCQ questions with answers, which will help you clear a beginner-level quiz. This Information Technology Audit online test covers topics related to Information Technology Audit: information systems auditing, IT auditing, IT audit, what is IT auditing, what is IT, audit in an IT environment, the IT auditing process, auditing systems, information system auditing, audit systems, systems audits, types of IT audits, computer system audits and so on.
1. An audit charter should:
- be dynamic and change often to coincide with the changing nature of technology and the audit profession.
- clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls.
- document the audit procedures designed to achieve the planned audit objectives.
- outline the overall authority, scope and responsibilities of the audit function.
2. The extent to which data will be collected during an IS audit should be determined based on the:
- viability of critical and required information.
- auditor’s familiarity with the circumstances.
- auditee’s ability to find relevant evidence.
- purpose and scope of the audit being done.
3. Which of the following controls would provide the GREATEST assurance of database integrity?
- Audit log procedures
- Table link/reference checks
- Query/table access time checks
- Rollback and rollforward database features
4. Which of the following BEST ensures the integrity of a server’s operating system?
- Protecting the server in a secure location
- Setting a boot password
- Hardening the server configuration
- Implementing activity logging
5. During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
- assessment of the situation may be delayed.
- execution of the disaster recovery plan could be impacted.
- notification of the teams might not occur.
- potential crisis recognition might be ineffective.
6. Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization’s change control procedures?
- Review software migration records and verify approvals.
- Identify changes that have occurred and verify approvals.
- Review change control documentation and verify approvals.
- Ensure that only appropriate staff can migrate changes into production.
7. When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
- incorporates state of the art technology.
- addresses the required operational controls.
- articulates the IT mission and vision.
- specifies project management practices.
8. An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
- apply the patch according to the patch’s release notes.
- ensure that a good change management process is in place.
- thoroughly test the patch before sending it to production.
- approve the patch after doing a risk assessment.
9. An IS auditor selects a server for a penetration test that will be carried out by an expert. Which of the following is MOST important?
- The tools used to conduct the test
- Certifications held by the IS auditor
- Permission from the data owner of the server
- An intrusion detection system (IDS) is enabled
10. In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
- Automated logging of changes to development libraries
- Additional staff to provide separation of duties
- Procedures that verify that only approved program changes are implemented
- Access controls to prevent the operator from making program modifications
11. When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:
- a clear business case has been approved by management.
- corporate security standards will be met.
- users will be involved in the implementation plan.
- the new system will meet all required user functionality.