solutions
Which statement about Information Technology (IT) is FALSE?
a. IT includes systems for the processing and distribution of data.
b. IT includes controls for facility power and utilities.
c. IT includes the technology and processes involved with technology.
d. IT is concerned with both hardware and software. - correct answer ✔✔ b. IT includes controls
for facility power and utilities.
What is the most widely used international standard for IT governance?
a. COSO
b. COBIT
c. ISACA
d. ITGC - correct answer ✔✔ b. COBIT
What determines when data is being stored during data backup?
a. Backup time
b. Backup calendar
c. Backup event
d. Backup cycle - correct answer ✔✔ d. Backup cycle
When disaster strikes, what two metrics concerning system and data restoration are important
to consider?
a. Recovery Technology Objective (RTO) and Recovery Process Objective (RPO)
b. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
c. Recovery Time Objective (RTO) and Recovery Process Objective (RPO)
d. Recovery Technology Objective (RTO) and Recovery Point Objective (RPO) - correct answer
✔✔ b. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Which user has access to all three change management environments?
a. No user has access to all environments.
b. IT Analyst
c. Developer
d. Production control - correct answer ✔✔ a. No user has access to all environments.
Which framework would an IT manager select to make sure that access to sensitive customer
data is limited to only those who require access?
a. COSO
b. ISACA
c. ITGC
d. COBIT - correct answer ✔✔ d. COBIT
Disaster recovery planning involves categorizing systems and data based on importance to the
business. Which of the following types of systems going down could have a detrimental impact
on a business and should have a restoration plan that minimizes downtime to a few hours or
less?
a. Employee benefits system
b. Payroll system
c. Retail point of sale system
d. Customer service management system - correct answer ✔✔ c. Retail point of sale system
Which of the following statements about user access de-provisioning is FALSE?
a. User access de-provisioning is the formal process of changing a user's access.
b. Removing someone's access does not create risk for the system.
c. User access de-provisioning should occur after an employee's termination or transfer.
d. Removing access to systems is not required for employee promotions. - correct answer ✔✔
d. Removing access to systems is not required for employee promotions.
Moore Software Development (MSD), Inc. began operations in Moore, Oklahoma, an area prone
to tornadoes. Recent business growth necessitates the need for a larger data center. Select the
most appropriate statement associated with MSD's new data center.
a. All of these statements are correct.
b. MSD should expand their current on-site data center so that all components will be secure in
one location.
c. MSD should locate a space for an off-site data center in an area away from the risk of bad
weather to mitigate the risk of losing both centers at the same time.
d. MSD should lease data center space nearby to allow current IT staff easy access to additional
components. - correct answer ✔✔ c. MSD should locate a space for an off-site data center in an
area away from the risk of bad weather to mitigate the risk of losing both centers at the same
time.
Which of these access roles would you assign an internal auditor reviewing accounts payable
and accounts receivable transactions?
a. Creator
b. Administrator
c. User
d. Read-only - correct answer ✔✔ d. Read-only
Which of the following represents an accurate definition of external fraud?
a. External fraud is fraud committed by a company's accounting firm to misrepresent the
financial status of the firm to the public.