Which of the following is an example of least privilege access?

An IT employee has access to only those servers that are necessary for his/her daily duties.

An employee has access to all company systems, even if he/she does not use them in his/her work.

The sales manager has full access to the company's financial systems.

The human resources manager has administrative access to all employee accounts in the system.

What is the primary purpose of maintaining a register of technical user accounts?

To maintain a record and control of technical accounts that are used by systems and applications for automated processes.

To maintain a list of all employees of an organization with their work contacts.

Register all administrative users for access to shared company resources.

Maintain a list of user accounts that only have access to public company information.

What is false about Audit report?

Conducted at the end of the audit, provides an IS auditor with the opportunity to discuss findings and recommendations with the auditee management.

Serve as a valued reference for any party researching the auditee or audit topic.

Provide statements of assurance and, if needed, identification of areas requiring corrective action and related recommendations.

Serve as the basis for a follow-up audit if audit findings were presented.

Which of the following SDLC methods are hardly applicable to the large systems?

Software reengineering, prototyping

Prototyping, component-based development

System migration process should ensure following except:

Business impact analysis is in place

There is no disruption in routine operations

There are appropriate controls over data

Choose correct chain:

Unit – integration – system – final acceptance testing

Unit – system – integration – final acceptance testing

System – unit – integration – final acceptance testing

System – integration – unit – final acceptance testing

What is NOT a risk associated with the program development and acquisition process?

Regular monitoring and progress tracking of the project.

Lack of proper testing, leading to software bugs.

Inadequate training for end users, causing operational issues.

Budget overruns due to unforeseen changes.

What is the purpose of a roll-back plan in change management?

To revert the system to its previous state in case the implemented change causes issues.

To permanently remove all previous versions of the system after a successful change.

To ensure that changes are implemented without testing.

To document successful changes for future reference.

What is true about IT strategy committee?

Focuses on the long-term perspective and planning for the future of the company's IT direction.

Manages and controls the implementation of IT projects and resources and monitors their effectiveness.

Focuses on operational issues and solving current problems.

Which of the following is false about IT steering committee?

Focuses on operational issues and solving current problems.

Focuses on the long-term perspective and planning for the future of the company's IT direction.

Manages and controls the implementation of IT projects and resources and monitors their effectiveness.

What is the name of the class of systems that automatically manages the process of granting/modifying/revoking access?

Identification management system

Security information and event management

Which of the following IT controls is primarily focused on risk avoidance?

Deciding not to implement a new software feature due to security vulnerabilities.

Implementing an intrusion detection system to monitor network traffic.

Purchasing cyber insurance to cover potential financial losses from data breaches.

Regularly updating antivirus software to protect against malware

What is the primary purpose of conducting a periodic access review in ITGC: Access to program and data?

To ensure that users have appropriate access rights based on their current roles and responsibilities.

To train employees on the importance of cybersecurity practices.

To monitor the system for unusual login activities in real time.

To develop new policies for password complexity requirements.

IS Audit and Control Quiz

Authored by Anel Aqtasova

Information Technology (IT)

12th Grade

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

29 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

While planning an individual audit assignment, an IS auditor should consider the following:

Prior audit reports

Risk assessment reports

Regulatory requirements

All the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is an example of deterrent control?

Installation of surveillance cameras with warning signs about filming.

Automatic backup of data to restore it in case of loss.

Installing anti-virus software to detect malware.

Regularly testing the system for vulnerabilities to eliminate them.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What can be identified as correct formula for the residual risk?

Residual risk = Gross risk – risks covered by the implemented control

Residual risk = Net risk - risks covered by the implemented control

Residual risk = Gross risk – net risk

Residual risk = Net risk – Gross risk

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What must be included in change management policy?

SoD

Requirements for roll-back plans

Emergency change management

All the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The following description is an example of which control: “In a human resources system, an employee's age can be limited from 18 to 65. If someone enters a value of 70, the system will reject it because it is outside the acceptable range”?

Data integrity principles

Checksums

Checkdigits

Limit checks

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a management’s risk appetite?

The level of risk that an organization is willing to accept in pursuit of its objectives.

A detailed process of identifying and mitigating all risks within an organization.

The minimum level of risk that an organization is legally required to avoid.

The set of policies used to eliminate all potential risks to the organization.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the options below is not a type of authentication?

Something you know

Something you have

Something you are

None of the above

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Quiz Literasi Digital

Quiz

•

12th Grade

25 questions

ICT Term 3 Quiz

Quiz

•

7th Grade - University

25 questions

PTS TIK 8D

Quiz

•

2nd Grade - University

30 questions

Quiz Analisis Data kelas 8 24/25

Quiz

•

8th Grade - University

30 questions

Quis AP

Quiz

•

9th - 12th Grade

25 questions

Pemahaman Jaringan Komputer

Quiz

•

8th Grade - University

25 questions

SAS Dasar Program Keahlian RPL Kelas X

Quiz

•

10th Grade - University

25 questions

G12IB-Review-Artificial Intelligence Quiz

Quiz

•

12th Grade

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

21 questions

Presidents Day Trivia

Quiz

•

6th - 12th Grade

10 questions

Valentine's Day: History and Modern Celebration

Interactive video

•

9th - 12th Grade

11 questions

Valentine's Day Trivia

Quiz

•

8th - 12th Grade

10 questions

Factor Quadratic Expressions with Various Coefficients

Quiz

•

9th - 12th Grade

18 questions

Success Strategies

Quiz

•

9th - 12th Grade

10 questions

Valentine's Day Trivia

Quiz

•

9th - 12th Grade

IS Audit and Control Quiz

While planning an individual audit assignment, an IS auditor should consider the following:

What is an example of deterrent control?

What can be identified as correct formula for the residual risk?

What must be included in change management policy?

The following description is an example of which control: “In a human resources system, an employee's age can be limited from 18 to 65. If someone enters a value of 70, the system will reject it because it is outside the acceptable range”?

What is a management’s risk appetite?

Which of the options below is not a type of authentication?

Which of the following is an example of least privilege access?

Which of changeovers requires most resources?

What is the primary purpose of maintaining a register of technical user accounts?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)