Exam Questions Flashcards Preview

CITP - Certified Information Technology Professional Exam > Exam Questions > Flashcards

Flashcards in Exam Questions Deck (200)
1

One reason why IT auditing evolved from traditional auditing was that:

A. Auditors realized that computers had impacted their ability to perform the attestation function.
B. Computers and information processing were not a key resource.
C. Professional Associations such as AICPA and ISACA did not recognize the need.
D. Government did not recognize the need.

A. Auditors realized that computers had impacted their ability to perform the attestation function.

2

IT auditing may involve:

A. Organizational IT audits
B. Application IT audits
C. Development / implementation IT audits
D. All of the above.

D. All of the above

3

Breadth and depth of knowledge required to audit IT and systems are extensive and may include:

A. Application of risk-oriented audit approaches
B. Reporting to management and performing follow-up review to ensure action taken
C. Assessment of security and privacy issues that can put the organization at risk
D. All of the above

D. All of the above

4

COBIT stands for:

A. A computer language
B. A federal agency
C. Control Objective for Information and Related Technology
D. None of the above

C. Control Objective for Information and Related Technology.

5

ISACA stands for:

A. Information Systems Security Association
B. Institute of Internal Auditors.
C. Information Systems Audit and Control Association.
D. International Association for Computer Educators.

C. Information Systems Audit and Control Association

6

ISO is:

A. A government organization
B. A private company
C. International Organization for Standardization
D. None of the above

C. International Organization for Standardization

7

Federal government plan for improving security on the Internet is called:

A. FIP 102 Computer Security and Accreditation
B. National Strategy for Securing Cyberspace
C. Computer Abuse Act of 1984
D. Privacy Act of 1974

B. National Strategy for Securing Cyberspace

8

Sarbanes-Oxley Act of 2002:

A. Does not affect the attestation function
B. Applies only to the Big Four accounting firms
C. Requires auditor rotation
D. Does not apply to small accounting / audit firms

C. Requires auditor rotation.

9

Which is the most recent federal law that addresses computer security or privacy?

A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Homeland Security Act
D. Electronic Communications Privacy Act

C. Homeland Security Act.

10

Which act has a provision where punishment can be up to life in prison if electronic hackers are found guilty of causing death to others through their actions?

A. Computer Fraud and Abuse Act
B. Freedom of Information Act
C. Communications Decency Act
D. Homeland Security Act

D. Homeland Security Act.

11

According to a recent CSI and FBI study:

A. 90 percent of respondents have detected computer security breaches within the last 12 months
B. 74 percent cited their Internet connection as the frequent point of attack
C. 80 percent acknowledged financial losses due to computer security breaches
D. All of the above

D. All of the above

12

Cyber law is:

A. State law
B. Federal law
C. Law governing use of the computer and the internet
D. International law

C. Law governing use of the computer and the internet

13

Software piracy costs the computer industry more than

A. $1 billion per year
B. $4 billion per year
C. $9 billion per year
D. More than $10 billion per year

D. More than $10 billion per year

14

CFAA covers:

A. Fraudulent trespass
B. Intentional destructive trespass
C. Reckless destructive trespass
D. All of the above

D. All of the above

15

Sarbanes-Oxley Act requires that the board of an organization must:

A. Register public accounting firms
B. Establish or adopt, by rule, auditing, quality control, ethics, independence, and other standards related to preparation of the audit report for issuers
C. Conduct inspections of accounting firms
D. All of the above

D. All of the above

16

Cyber Security Enhancement Act as incorporated into the Homeland Security Act of 2002.

A. Demands life sentences for those hackers who recklessly endanger lives
B. Does not require ISPs to hand over records
C. Does not outlaw publications such as details of PGP
D. None of the above

A. Demands life sentences for those hackers who recklessly endanger lives

17

Key areas to look at in IT contracts are:

A. Vendor contract terms that limit vendor liability
B. Contract objectives and performance measurements to ensure objectives have been met
C. Review and inclusion in future contracts specific clauses for protecting customer interests
D. All of the above.

D. All of the above.

18

A federal agency that protects consumers and has increased its monitoring and review of the Internet for customer and identity theft is the:

A. NSA
B. CIA
C. FTC
D. None of the above

C. FTC

19

National Strategy for Securing Cyberspace:

A. Applies only to defense area
B. Applies only to medical records
C. Provides a framework for protecting the nation's infrastructures that is essential to the economy, security, and the way of life
D. None of the above

C. Provides a framework for protecting the nation's infrastructures that is essential to the economy, security, and the way of life

20

Which act is the first ever federal privacy standard to protect patients' medical records?

A. Encrypted Communications Privacy Act of 1966
B. Privacy Act of 1974
C. HIPAA of 1996
D. All of the above

C. HIPAA of 1996

21

Which of the following is not one of the 10 top reasons for the start up of IT audit?

A. Auditing around the computer was becoming unsatisfactory for the purposes of database reliance
B. Accessibility of personal computers for office and home use
C. Very little advancement in technology
D. Growth of corporate hackers

C. Very little advancement in technology

22

Professional associations that have Standards of Practice:

A. IIA
B. ISACA
C. AICPA
D. All of the above

D. All of the above

23

A federal agency that develops and issues government auditing standards is:

A. GSA
B. GAO
C. Federal Bureau of Investigation (FBI)
D. Federal Trade Commission (FTC)

B. GAO

24

A special condition where an auditor must be free of any bias or influence, and have

A. IT skills
B. Good writing skills
C. Professional development
D. Independence

D. Independence.

I'm not sure of the context of this question, it will be interesting to actually see if it's on the exam.

25

Which federal law was developed and passed by the U.S. lawmakers in reaction to recent financial frauds such as Enron?

A. FCPA
B. SEC Act
C. Sarbanes-Oxley Act
D. Computer Fraud and Abuse Act

C. Sarbanes-Oxley Act

26

In the author's opinion, an auditor must have:

A. High ethical standards
B. Limited training
C. Poor communication skills
D. Poor time management skills

A. High ethical standards

27

GAAS was developed and issued by:

A. NIST
B. AICPA
C. FTC
D. NSA

B. AICPA

28

Certifications that may be helpful to an IT auditor are:

A. CIA
B. CFE
C. CISSP
D. All of the above

D. All of the above

29

An auditor who works for IBM directly and is on its audit staff is considered to be:

A. An external auditor
B. An internal auditor
C. A consultant
D. None of the above

B. An internal auditor

30

Computer forensic specialists are experts who:

A. Investigate under extreme secrecy so that other individuals do not know exactly what they are doing or what information they have gathered
B. May testify in court where an independent opinion is needed on complex technical issues
C. Have an extensive background working with computers and dealing with technical issues and are, of course, familiar with gathered information and the methods used to acquire that information
D. All of the above

D. All of the above