The document contains 16 multiple choice questions related to information systems auditing topics such as project management, software development lifecycles, testing strategies, and security risks. The questions assess knowledge of appropriate audit procedures and controls as well as risks related to common IT practices.

1. An IS auditor has been asked to review proposals to implement a standardized IT infrastructure. Which of the following findings would likely be featured in the auditor’s report? The proposals are likely to:
A. Improve the cost-effectiveness of IT service delivery and operational support.
B. Increase the complexity of IT service delivery and support.
C. Reduce the level of investment in the IT infrastructure.
D. Reduce the need for testing of future application changes.

2. Which of the following would BEST help to prioritize project activities and determine the timeline for a project?
A. A Gantt chart
B. Earned value analysis (EVA)
C. Program evaluation review technique (PERT)
D. Function point analysis (FPA)

3. An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeded requirements and most of the projects ran significantly over budget. Which of these areas of the organization’s project management process is the MOST likely cause of this issue?
A. Project scope management
B. Project time management
C. Project risk management
D. Project procurement management

4. An IS auditor is reviewing the software development process for an organization. Which of the following functions would be appropriate for the end users to perform?
A. Program output testing
B. System configuration
C. Program logic specification
D. Performance tuning

5. An IS auditor is reviewing system development for a healthcare organization with two application environments—production and test. During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?
A. The test environment may not have adequate controls to ensure data accuracy.
B. The test environment may produce inaccurate results due to use of production data.
C. Hardware in the test environment may not be identical to the production environment.
D. The test environment may not have adequate access controls implemented to ensure data confidentiality.

6. The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning (ERP) system. As the final stage of the conversion process, the organization ran the old and new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization of using this strategy?
A. Significant cost savings over other testing approaches
B. Assurance that new, faster hardware is compatible with the new system
C. Assurance that the new system meets functional requirements
D. Increased resiliency during the parallel processing time

7. What kind of software application testing is considered the final stage of testing and typically includes users outside the development team?
A. Alpha testing
B. White box testing
C. Regression testing
D. Beta testing

8. During which phase of software application testing should an organization perform the testing of architectural design?
A. Acceptance testing
B. System testing
C. Integration testing
D. Unit testing

9. Which of the following is the MOST efficient way to test the design effectiveness of a partially automated change control process?
A. Test a sample population of changes
B. Perform an end-to-end walk-through of the process
C. Test one change that has been authorized
D. Use a computer-assisted audit test (CAAT)

10. An organization is replacing a payroll program that it developed in-house with the relevant subsystem of a commercial enterprise resource planning (ERP) system. Which of the following would represent the highest potential risk?
A. Undocumented approval of some project changes
B. Faulty migration of historical data from the old system to the new system
C. Incomplete testing of the standard functionality of the ERP subsystem
D. Duplication of existing payroll permissions on the new ERP subsystem

11. An IS auditor is evaluating a virtual machine-based (VM-based) architecture used for all programming and testing environments. The production architecture is a three-tier physical architecture. What is the MOST important IT control to test in order to ensure availability and confidentiality of the web application in production?
A. Server configuration hardening
B. Allocated physical resources are available
C. System administrators are trained to use the VM architecture
D. The VM server is included in the disaster recovery plan (DRP)

12. During a post-implementation review, which of the following activities should be performed?
A. User acceptance testing (UAT)
B. Return on investment (ROI) analysis
C. Activation of audit trails
D. Updates of the future state of enterprise architecture (EA) diagrams

13. An IS auditor reports that the financial module of an enterprise resource planning (ERP) application is very slow because the audit trails are activated on some sensitive tables. The vendor has asked to disable audit trails on these transactional tables and restrict auditing only to successful and unsuccessful logons to the system. What is the GREATEST threat if this recommendation is implemented?
A. The integrity of the financial data could not be guaranteed
B. The integrity of the system logs could not be guaranteed
C. Access to sensitive data is not logged
D. Fraud could occur

14. An IS auditor should ensure that the review of online electronic funds transfer (EFT) reconciliation procedures includes:
A. Vouching
B. Authorizations
C. Corrections
D. Tracing

15. Web application developers sometimes use hidden fields on web pages to save information about a client session. This technique is used in some cases to store session variables that enable persistence across web pages, such as maintaining the contents of a shopping cart on a retail web site application. The MOST likely web-based attack due to this practice is:
A. Parameter tampering
B. Cross-site scripting
C. Cookie poisoning
D. Stealth commanding

16. After consulting with senior management, an organization’s IT department decided that all IT hardware would be replaced three years from the procurement date. The MOST likely reason for doing this is to:
A. Manage IT assets in a cost-effective manner
B. Keep pace with new cost-effective technologies
C. Ensure that existing capacity can meet all users’ needs
D. Ensure that IT hardware is covered by the manufacturer warranty