IT Audit Fundamentals Certificate 시험 - ISACA실제시험문제와 답 - 180문항

Question No : 1

Finding that a disaster recovery plan for critical business functions does not cover all systems, what is the most appropriate course of action for the IS auditor?

A.Cancel the audit.
B.Complete the audit of the systems covered by the existing DR
C.Alert management and evaluate the impact of not covering all systems.
D.Postpone the audit until the systems are added to the DR

정답:
Explanation:
An IS auditor should alert management if certain systems are omitted from the disaster recovery plan, evaluating the impact of this omission.

Question No : 2

What type of audit assesses the various internal controls, economy, and efficiency of a function or department?

A.Cybersecurity audit
B.Operational audit
C.IT infrastructure audit
D.IT process audit

정답:
Explanation:
An operational audit is designed to evaluate the various internal controls, economy, and efficiency of a function or department.

Question No : 3

What is the main function of Error Reporting and Handling in input controls?

A.Grouping input transactions
B.Balancing control totals
C.Authorization of input
D.Identifying and correcting input errors

정답:
Explanation:
Identification and correction of input errors to maintain data accuracy and integrity.

Question No : 4

What type of services can an external audit firm provide?

A.Human resource management
B.Consulting on marketing strategies
C.Independent audit of financial statements
D.Maintenance of IT systems

정답:
Explanation:
An external audit firm provides services like independent audit of financial statements, risk and regulatory compliance, and managed services related to controls testing.

Question No : 5

What is the purpose of audit hooks in application systems?

A.To process live transactions or test transactions during regular processing runs
B.To record selected information for subsequent review by an IT auditor
C.To simulate the instruction execution of the application during a process run
D.To function as red flags and alert IT auditors to potential errors or irregularities

정답:
Explanation:
Audit hooks are embedded in application systems to function as red flags and alert IT auditors to act before an error or irregularity gets out of hand.

Question No : 6

Which type of testing involves the penetration tester having limited or no knowledge of the target information systems?

A.External testing
B.Double blind testing
C.Targeted testing
D.Blind testing

정답:
Explanation:
Blind testing refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target information systems.

Question No : 7

When planning an IS audit, the identification of the most critical step is:

A.time allotted for the audit.
B.test steps in the audit.
C.areas of significant risk.
D.skill sets of the audit staff.

정답:
Explanation:
In the creation of a risk-based audit plan, identifying the areas of highest risk is crucial for determining the scope of the audit.

Question No : 8

Among backup techniques, what is the most appropriate when an organization requires extremely granular data restore points?

A.Virtual tape libraries
B.Continuous data backup
C.Disk-based snapshots
D.Disk-to-tape backup

정답:
Explanation:
Recovery Point Objective (RPO) determines acceptable data loss, making continuous data backup the preferred option for organizations with short RPOs.

Question No : 9

What is the PRIMARY purpose of specific IT control objectives?

A.Safeguarding assets
B.Ensuring integrity of general OS environments
C.Ensuring system development life cycle processes
D.Authorization of the input

정답:
Explanation:
Specific IT control objectives focus on safeguarding assets so that information on automated systems is up to date and secure from improper access.

Question No : 10

What is the primary role of auditors in relation to the enterprise's mission and goals?

A.To set financial goals and reduce risk for the enterprise
B.To provide assurance that management's actions are in line with the mission
C.To develop marketing strategies for the enterprise
D.To manage and implement the enterprise's mission

정답:
Explanation:
The primary role of auditors is to provide assurance that management's actions are aligned with the enterprise's mission and goals.

Question No : 11

An IT steering committee should:

A.maintain minutes of its meetings and keep the board of directors informed.
B.include a mix of members from different departments and staff levels.
C.be briefed about new trends and products at each meeting by a vendor.
D.ensure that IS security policies and procedures have been executed properly.

정답:
Explanation:
It is important to keep detailed IT steering committee minutes to document the decisions and activities of the IT steering committee. The board of directors should be informed about those decisions on a timely basis.

Question No : 12

The waterfall life cycle model in software development is most appropriately used when:

A.the project intends to apply an object-oriented design and programming approach.
B.requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
C.requirements are well understood and the project is subject to time pressures.
D.the project will involve the use of new technology.

정답:
Explanation:
The waterfall model is historically best suited to stable conditions and well-defined requirements.

Question No : 13

What's a feature of Agile auditing?

A.Utilizing automated tools for real-time analysis.
B.Choosing audit resources for specific tasks.
C.Planning and doing IT audit work at the same time.
D.Reporting audit results at the end of the audit.

정답:
Explanation:
In an Agile audit method, IT audit planning and fieldwork can overlap. Execution can commence on pre-planned steps, and if key resources or stakeholders are unavailable, only specific audit steps may be postponed, allowing other work to proceed.

Question No : 14

What action could be taken to ensure the portability of an application connected to a database?

A.Verification of database import and export procedures
B.Usage of a Structured Query Language
C.Analysis of stored procedures/triggers
D.Synchronization of the entity-relation model with the database physical schema

정답:
Explanation:
Using Structured Query Language (SQL) supports portability because it is a widely adopted industry standard.

Question No : 15

Which of the following controls can reduce the risk of disclosure of sensitive data stored on a mobile device?

A.Baselining and controlling the configuration and use of standard mobile device applications.
B.Providing all mobile device users with the same access privileges.
C.Allowing unrestricted data sharing between mobile devices.
D.Requiring users to store data locally on a mobile device for immediate access.

정답:
Explanation:
The configuration and utilization of standard mobile device applications should undergo baselining and stringent control. Only applications that adhere to the enterprise security architecture or come pre-installed on the mobile device as standard should receive authorization for use. Furthermore, all software applications must be properly licensed and installed by the enterprise's IT support team.

ISACA IT Audit Fundamentals Certificate 시험