CITP Practice MCQ Bank questions with verified solutions

One reason why IT auditing evolved from traditional auditing was that:
A. Auditors realized that computers had impacted their ability to perform the attestation function
B. Computers and information processing were not a key resource
C. Professional associations such as AICPA and ISACA did not recognize the need
D. Government did not recognize the need - ✔✔A

IT auditing may involve:
A. Organizational IT audits
B. Application IT audits
C. Development/implementation IT audits
D. All of the above - ✔✔D

Breadth and depth of knowledge required to audit IT and systems are extensive and may include:
A. Application of risk-oriented audit approaches
B. Reporting to management and performing follow-up review to ensure action taken
C. Assessment of security and privacy issues that can put the organization at risk
D. All of the above - ✔✔D

COBIT stands for:
A. A computer language
B. A federal agency
C. Control Objective for Information and Related Technology
D. None of the above - ✔✔C

ISACA stands for:
A. Information Systems Security Association
B. Institute of Internal Auditors
C. Information Systems Audit and Control Association
D. International Association for Computer Educators - ✔✔C

ISO is:
A. A government organization
B. A private company
C. International Organization for Standardization
D. None of the above - ✔✔C

Federal government plan for improving security on the Internet is called:
A. FIP 102 Computer Security and Accreditation
B. National Strategy for Securing Cyberspace
C. Computer Abuse Act of 1984
D. Privacy Act of 1974 - ✔✔B

Sarbanes-Oxley Act of 2002:
A. Does not affect the attestation function
B. Applies only to the Big Four accounting firms
C. Requires auditor rotation
D. Does not apply to small accounting/audit firms - ✔✔C

Which is the most recent federal law that addresses computer security or privacy?
A. Computer Fraud and Abuse Act
B. Computer Security Act
C. Homeland Security Act
D. Electronic Communications Privacy Act - ✔✔C

Which act has a provision where punishment can be up to life in prison if electronic hackers are found guilty of causing death to others through their actions?
A. Computer Fraud and Abuse Act
B. Freedom of Information Act
C. Communications Decency Act