ACG 516 Exam 1 | Questions with Verified Answers

ACG 516 Exam 1 | Questions with Verified Answers What is the primary purpose of IT auditing? To ensure the effective use of IT resources. Which of the following is not a typical category of internal control? A. Preventive B. Reductive C. Corrective D. Detective According to the ISO, how is an audit defined? Systematic, independent process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Which distinguishes an audit from other evaluations? A. It uses subjective judgement B. It compares against a predefined standard C. It focuses on employee behavior D. It always conducted externally What control type includes policies and procedures? A. Technical B. Administrative C. Physical D. Operational What is a key reason organizations conduct internal IT audits? A. To comply with international trade laws B. To evaluate the effectiveness of implemented controls C. To increase marketing reach D. To reduce hardware costs Which of the following is a technical control? A. Security awareness training B. Locked server cabinets C. Application firewall D. Disaster recovery plan Who typically performs external IT audits? A. Internal compliance officers B. IT operations staff C. Independent auditors or firms D. Marketing consultants What legislation mandates internal control audits for public corporations in the U.S.? A. HIPAA B. Sarbanes-Oxley Act C. Single Audit Act D. HITECH Act What certification is commonly held by IT auditors? A. PMP B. CPA C. CISA D. CISSP What is the primary reason organizations establish IT audit programs? A. To comply with external regulations B. To support enterprise management initiatives C. To reduce IT costs D. To improve employee satisfaction What framework is commonly held for IT governance? A. Six Sigma B. ISO/IEC 9001 C. COBIT D. SERVQUAL What does IT governance aim to achieve? A. Increase marketing reach B. Align IT strategy with enterprise strategy C. Reduce the number of audits D. Eliminate all IT risks Which of the following is not a key focus of IT governance according to COBIT? A. Resource management B. Performance measurement C. Strategic alignment D. Customer relationship management What is the main function of risk management in organizations? A. To eliminate all risks B. To identify, respond, and assess risks C. To increase profits D. To hire more IT staff What is the purpose of compliance activities in organizations? A. To increase IT spending B. To assess adherence to internal and external requirements C. To develop new products D. To improve customer service Certification in IT audit typically involves A. Internal self-assessment B. External evaluation by an authorized entity C. No evaluation D. Peer review by employees What cycle is crucial to quality management and IT processes? A. Waterfall B. Agile C. Plan-Do-Check-Act (PDCA) D. Spiral What is the main goal of information security management? A. To increase network speed B. To protect confidentiality, integrity, and availability of information systems C. To reduce hardware costs D. To improve software usability What role does IT audit play in organizational management functions? A. It is only used for financial reporting B. It supports governance, risk management, compliance, and quality management. C. It replaces external audits D. It is optional for most organizations What is the main purpose of having an IT audit conducted? The primary purpose is to: 1. Address the adequacy of technology based controls and 2. Their ability to effectively support internal financial controls. What is the key factor that makes an audit differ from an evaluation? An audit always has a baseline or standard reference against which the subject of the audit is compared. Audit evidence is collected to identify deficiencies for the subject of the audit (EXAMPLE - internal control over financial reporting) An audit is a TYPE of evaluation, and it is not intended to improve any metric of the subject of the audit, it is simply to evaluate whether the criteria of the audit have been met. What is the auditor's primary responsibility in an audit? The auditor's primary responsibility in an audit is to gather audit evidence, evaluate this evidence against the baseline, and finally, compare the evidence against the baseline criteria. * An example is financial reporting. The baseline would be GAAP, an an auditor may check to see if the company is recording accounts receivable at net realizable value, which is standard GAAP procedure. For external audits, who sets the "baseline" or criteria for the audit? Generally, the criteria is established by regulatory bodies that are both known to the auditor and the one being audited. For example, the FASB sets the standards for GAAP. Another example is the ASB sets the standards for GAAS. COSO Definition of Internal Control a process (policies, plans, procedures) designed to provide reasonable assurance regarding the achievement of objectives. What are the categories of controls within IT auditing? What are the three categories they can be further broken down into? Preventive, Detective, and Corrective Controls Physical, Technical, Administrative Which of the following is an example of a physical preventive IT control? A. Lock on server cabinets B. Network monitoring C. Video surveillance D. Sprinkler system Which of the following is an example of a physical detective IT control? A. Acceptable use policy B. Disaster recovery plan C. Plan of action and milestones D. Burglar alarm What is an example of a physical corrective IT control? A. Biometric access control B. Vulnerability scanning C. Sprinkler system D. Data and system backup What is an example of a technical preventive IT control? A. Security awareness training B. Networking monitoring C. Application firewall D. Burglar alarm What is an example of an a technical detective IT control? A. Vulnerability scanning B. Application firewall C. Burglar Alarm D. Alternate processing facility What is an example of a technical corrective IT control? A. Alternate processing facility B. Application firewall C. IT audit program D. Data and system backup What is an example of an administrative preventive IT control? A. Audit log review B. Locked server cabinets C. Security awareness training D. Alternate processing facility What is an example of an administrative detective control? A. Vulnerability scanning B. IT audit program C. Logical access control D. Sprinkler system What is an example of an administrative corrective control? A. Data and system backup B. Burglar alarm C. Disaster recovery plan D. Logical access control What is the main purpose of cookies in web browsers? To store information that can identify users when they revisit web servers What is cyberspace primarily composed of? All connected digital infrastructure, including the Internet, private networks, and devices Which identifier is tied to the hardware of a mobile phone? IMEI (International Mobile Equipment Identity) What is the main function of Domain Name Service (DNS) Map human-readable domain names to IP addresses What is packet-switching Dividing data into small packets sent independently over the network What is the deep web? Content not indexed by search engines and not accessible to everyone What is the dark web most commonly accessed through? Tor anonymizing router and .onion addresses What is a firewall used for in cyberspace? Blocking or filtering certain types of network traffic What is THE major challenge in cyberspace security? Defenders must protect against all types of attacks, while an attacker must only succeed in one type of attack What is social engineering in the context of cyberspace? Manipulating human actions to compromise security (e.g., phishing, clickbait) What is the name of the shipping company that was impacted by "NotPetya"