
Question 1

Type 1
An IS auditor is evaluating data mining and auditing software to be used in future IS audits. What is the PRIMARY ability that the IS auditor should look for in the software tool? The software tool should:
a) Interface with various types of enterprise resource planning (ERP) software and databases
b) Preserve data integrity and not modify source data in any way
c) Introduce audit hooks into the company's financial systems to support continuous auditing
d) Be customizable and support inclusion of custom programming to aid in investigative analysis

Type 2
Which of the following represents an example of a preventive control with respect to IT personnel?
a) Review of visitor logs for the data center
b) A log server which tracks logon IP addresses of users
c) Implementation of a badge entry system for the IT facility
d) An accounting system which tracks employee telephone calls

Question 2

Type 1
Management instructs a junior IS auditor to prepare and deliver a final report using his/her best judgment since no senior IS auditor is available:
a) The loss of reputation because the audit was not performed according to standards
b) The audit report fails to identify and classify critical risks
c) Client management will challenge the findings
d) The audit report may not be approved by audit management

Type 2
When performance issues are discovered during an assessment of the organization's network, the MOST efficient way for the IS auditor to proceed is to examine the:
a) antivirus controls that have been put in place
b) protocols used on the network
c) network topology
d) configuration of network devices

Question 3

Type 1
An IS auditor is reviewing the process performed for the protection of digital evidence. Which of the following findings should present the MOST concern to the IS auditor?
a) The owner of the system was not present at the time of evidence retrieval
b) The system was powered off by an investigator
c) There are no documented logs of the transportation of evidence
d) The contents of the random access memory (RAM) were not backed up

Type 2
The internal audit department of an organization has developed and maintained ACL scripts for continuous auditing purposes. These scripts were provided to IT management for continuous monitoring purposes. This situation resulted in a potential conflict related to the auditor's independence and objectivity. Which of the following actions would BEST resolve this issue?
a) The internal audit team should stop sharing the scripts so that IT management must develop its own scripts
b) Since continuous monitoring and continuous auditing are similar functions, IT management should assign the continuous monitoring task to the internal audit department
c) IT management should continue to use the scripts for continuous monitoring purposes with the understanding that it is responsible for testing and maintaining the scripts that it uses
d) The internal audit team should review the areas where these scripts are being used and reduce the audit scope and frequency for those areas

Question 4

Type 1
Which of the following is the most significant risk of changing from using a traditional audit approach to a facilitated control self-assessment (FCSA) workshop approach without adequate planning and preparation?
a) FCSA workshops may not provide enough independence
b) The audit work will not be completed on time
c) Critical risk issues may not be identified by the process
d) The final report will not be able to be released to senior management

Type 2
In a risk-based audit approach, the IS auditor must consider the inherent risk as well as considering:
a) how to eliminate the risk through the application of controls
b) the balance of loss potential vs. the cost to implement controls
c) whether the risk is material regardless of management's tolerance for risk
d) whether the residual risk is higher than the insurance coverage purchased

Question 5

Type 1
An IS auditor is developing an audit plan for a repeat client. The auditor reviews the prior year audit plan and finds that the previous plan was designed to review the company network and e-mail systems, which were newly implemented last year, but the plan did not include reviewing the e-commerce web server. The company IT manager indicates that this year the organization prefers to focus the audit on a newly-implemented enterprise resource planning (ERP) application. How should the IS auditor respond?
a) Audit the new ERP application as requested by the IT manager
b) Audit the e-commerce server since it was not audited last year
c) Determine the highest-risk systems and plan the audit based on the results
d) Audit both the e-commerce server and the ERP application

Type 2
An IS auditor has been asked to review the security controls for a critical web-based order system shortly before the scheduled go-live date. The auditor conducts a penetration test which produces inconclusive results and additional testing cannot be concluded by the completion date agreed for the audit. Which of the following is the BEST option for the auditor?
a) Publish a report based on the available information, highlighting the potential security weaknesses and the requirement for the follow-up audit testing
b) Publish a report omitting the areas where the evidence obtained from testing was inconclusive
c) Request a delay of the go-live date until additional security testing can be completed and evidence of appropriate controls can be obtained
d) Inform management that audit work cannot be completed within the agreed time frame and recommend that the audit be postponed

Question 6

Type 1
An IS auditor has been asked to review the security controls for a critical web-based order system shortly before the scheduled go-live date. The auditor conducts a penetration test which produces inconclusive results and additional testing cannot be concluded by the completion date agreed for the audit. Which of the following is the BEST option for the auditor?
a) Publish a report based on the available information, highlighting the potential security weaknesses and the requirement for the follow-up audit testing
b) Publish a report omitting the areas where the evidence obtained from testing was inconclusive
c) Request a delay of the go-live date until additional security testing can be completed and evidence of appropriate controls can be obtained
d) Inform management that audit work cannot be completed within the agreed time frame and recommend that the audit be postponed

Type 2
An IS auditor is developing an audit plan for a repeat client. The auditor reviews the prior year audit plan and finds that the previous plan was designed to review the company network and e-mail systems, which were newly implemented last year, but the plan did not include reviewing the e-commerce web server. The company IT manager indicates that this year the organization prefers to focus the audit on a newly-implemented enterprise resource planning (ERP) application. How should the IS auditor respond?
a) Audit the new ERP application as requested by the IT manager
b) Audit the e-commerce server since it was not audited last year
c) Determine the highest-risk systems and plan the audit based on the results
d) Audit both the e-commerce server and the ERP application

Question 7

Type 1
In a risk-based audit approach, the IS auditor must consider the inherent risk as well as considering:
a) how to eliminate the risk through the application of controls
b) the balance of loss potential vs. the cost to implement controls
c) whether the risk is material regardless of management's tolerance for risk
d) whether the residual risk is higher than the insurance coverage purchased

Type 2
Which of the following is the most significant risk of changing from using a traditional audit approach to a facilitated control self-assessment (FCSA) workshop approach without adequate planning and preparation?
a) FCSA workshops may not provide enough independence
b) The audit work will not be completed on time
c) Critical risk issues may not be identified by the process
d) The final report will not be able to be released to senior management

Question 8

Type 1
The internal audit department of an organization has developed and maintained ACL scripts for continuous auditing purposes. These scripts were provided to IT management for continuous monitoring purposes. This situation resulted in a potential conflict related to the auditor's independence and objectivity. Which of the following actions would BEST resolve this issue?
a) The internal audit team should stop sharing the scripts so that IT management must develop its own scripts
b) Since continuous monitoring and continuous auditing are similar functions, IT management should assign the continuous monitoring task to the internal audit department
c) IT management should continue to use the scripts for continuous monitoring purposes with the understanding that it is responsible for testing and maintaining the scripts that it uses
d) The internal audit team should review the areas where these scripts are being used and reduce the audit scope and frequency for those areas

Type 2
An IS auditor is reviewing the process performed for the protection of digital evidence. Which of the following findings should present the MOST concern to the IS auditor?
a) The owner of the system was not present at the time of evidence retrieval
b) The system was powered off by an investigator
c) There are no documented logs of the transportation of evidence
d) The contents of the random access memory (RAM) were not backed up

Question 9

Type 1
When performance issues are discovered during an assessment of the organization's network, the MOST efficient way for the IS auditor to proceed is to examine the:
a) antivirus controls that have been put in place
b) protocols used on the network
c) network topology
d) configuration of network devices

Type 2
Management instructs a junior IS auditor to prepare and deliver a final report using his/her best judgment since no senior IS auditor is available:
a) The loss of reputation because the audit was not performed according to standards
b) The audit report fails to identify and classify critical risks
c) Client management will challenge the findings
d) The audit report may not be approved by audit management

Question 10

Type 1
Which of the following represents an example of a preventive control with respect to IT personnel?
a) Review of visitor logs for the data center
b) A log server which tracks logon IP addresses of users
c) Implementation of a badge entry system for the IT facility
d) An accounting system which tracks employee telephone calls

Type 2
An IS auditor is evaluating data mining and auditing software to be used in future IS audits. What is the PRIMARY ability that the IS auditor should look for in the software tool? The software tool should:
a) Interface with various types of enterprise resource planning (ERP) software and databases
b) Preserve data integrity and not modify source data in any way
c) Introduce audit hooks into the company's financial systems to support continuous auditing
d) Be customizable and support inclusion of custom programming to aid in investigative analysis
