
Certified Information Systems Auditor

Multiple Choice Questions:


1. Which of the following is not one of the models and approaches of
Integrated Manufacturing Systems?
a. Bill of Materials
b. Interactive Voice Response
c. Manufacturing Resources Planning
d. Computer-Assisted Design

2. Which of the following is not a type of E-commerce?
a. Business-to-consumer
b. Business-to-government
c. Business-to-management
d. Consumer-to-government

3. Which of the following is not an important element of E-commerce Risk?
a. Integrity
b. Authentication and nonrepudiation
c. Availability
d. Building a business case

4. Is the following statement true or false?
At the beginning of the audit process, audit planning is conducted to build
the overall audit strategy and describe the particular procedures to be
fulfilled for the implementation of the strategy and completion of the audit.
a. True
b. False

5. Which of the following statements are correct regarding Risk Analysis?
I. Risk analysis is the process of identifying and analysing issues that
can affect key business initiatives or critical projects to help
organisations to avoid or reduce those risks.
II. Risk analysis is the analysis of the risks associated with a particular
event or action.
III. A risk analysis is the process of identifying what hazards currently
exist or may appear in the workplace.
IV. A risk analysis is simply a careful examination of what, in your work,
could cause harm to people.
a. I and II only
b. II and III only
c. II and IV only
d. I, II, III, and IV

6. What is the full form of EAI?
a. External Authoring Interface
b. Enterprise Application Integration
c. Executive Agent Instruction
d. Enterprise Application Interface

7. Which of the following is the fourth step of the Risk Management Process?
a. Calculation of Risk
b. Evaluation of the Impact
c. Evaluation of and Response to Risk
d. Evaluation of Threats and Vulnerabilities to Assets

8. Which of the following is the third step of Plan Testing?
a. Plan Maintenance
b. Result Analysis
c. Documentation
d. Test Execution

9. In an organisation’s modern inter-networking environment, all the tasks
can be accomplished by a set of tools generically called
__________ management tools.
a. System
b. Network
c. Accounting
d. Sales

10. Combinations of procedures whereby an IS auditor uses the same
techniques as a hacker are called ___________ tests, intrusion tests or
ethical hacking.
a. Regression
b. Penetration
c. Integration
d. Component

11. How many types of Project Management structures are there?
a. 3
b. 2
c. 4
d. 5

12. Which of the following is the third stage of Rapid Application
Development?
a. Development Stage
b. Functional Design Stage
c. Deployment Stage
d. Concept Definition Stage

13. Which of the following statements is incorrect regarding Software
Testing?
a. Test plans identify the particular portions of the system to be tested
and may include a categorisation of types of deficiencies that can be
found during the test.
b. The tester determines the severity of the problem found during
testing.
c. Based on the severity level, the problem may be fixed prior to
implementation.
d. When Software Testing checking is done against authorised source
documentation, it is common to check only a portion of the file at a
time.

14. Which of the following is not a type of Disk-based backup system?
a. Virtual Tape Libraries
b. Flat rack container
c. Disk-Array-Based Replication
d. Host-Based Replication

15. Which of the following is the fifth stage of the IDEAL Model?
a. Diagnosis
b. Learning
c. Action
d. Establishment

16. Which of the following is not a type of Penetration test?
a. Blind testing
b. Targeted testing
c. Automated testing
d. Internal testing

17. Into which of the following categories can wireless security threats not
be classified?
a. Malicious Hackers
b. Written security policies and procedures
c. Threats to Personal Privacy
d. Malicious Code

18. Which of the following is not a characteristic of cloud computing?
a. Broad Network Access
b. Measured Service
c. Resource Pooling
d. Multiple heterogeneous machines

19. In __________ key cryptographic systems, the symmetric encryption
algorithm uses a secret key to encrypt the plaintext to the ciphertext.
a. Symmetric
b. Asymmetric
c. Hash function
d. Public

20. Is the following statement true or false?
Supply chain management (SCM) is linking the business processes between
the related entities such as the buyer and the seller.
a. True
b. False

21. Which of the following is not an element of the data life cycle?
a. Design
b. Use/Operate
c. Monitor
d. Data Transformation

22. ______________ is a critical step in developing the business continuity
strategy and the subsequent implementation of the risk countermeasures
and the BCP in particular.
a. Business impact analysis
b. Project management
c. Program management
d. Risk analysis and review

23. What is the full form of COM?
a. Customer Owned Material
b. Collection Operations Management
c. Component Object Model
d. Character-Oriented Messages

24. Which of the following is not a type of test?
a. Structured walk-through
b. Simulation test
c. Half interruption tests
d. Parallel test

25. Which of the following is not the Risk Assessment?
a. Risk mitigation
b. Risk acceptance
c. Risk sharing
d. Risk transference

26. Which of the following statements is correct regarding the Abrupt
Changeover technique?
a. In an abrupt changeover approach, the newer system is changed
over from the older system on a cutoff date and time, and the older
system is discontinued once the changeover to the new system takes
place.
b. In an abrupt changeover approach, the older system is broken into
deliverable modules.
c. The abrupt changeover technique includes running the old system,
then running both the old and new systems in parallel, and, finally,
fully changing over to the new system after gaining confidence in the
working of the new system.
d. The abrupt changeover technique is appropriate only before testing
the old system concerning its program and relevant data.

27. Which of the following statements is not correct about Radio Frequency
Identification?
a. Radio frequency identification (RFID) is the use of radio waves to find
tagged objects within a narrow radius.
b. In RFID, the microchip saves information along with an ID to
recognise a product, while the antenna transmits this information to
an RFID reader.
c. In RFID, a tag comprises a microchip and an antenna.
d. RFID offers high record ability, power-free storage, a small form
factor, and sharp environmental specifications.

28. Which of the following statements is incorrect regarding the private branch
exchange?
a. A PBX is a computer-based switch that acts as an in-house phone
company for the organisation.
b. An unsecured PBX can result in exposing the organisation to toll
fraud, theft of proprietary or confidential information, loss of
revenue, or legal entanglements.
c. PBXs are now being phased out gradually but have been part of the
organisation's infrastructure.
d. PBX address the security aspects of the deployment of a mail server
through maintenance and administration standards.

29. What is Mobile Computing?
a. Mobile computing refers to devices that are moved during normal
usage.
b. Mobile computing presents a global threat to an enterprise’s
information resources and must be properly controlled
c. In Mobile Computing, devices can connect from any location, there
should be adequate policies and procedures for additional.
d. In Mobile Computing, the IS auditor should know the fact that these
types of media can be used for stealing data and programs for
personal use or gain.

30. Which of the following is the third step to Perform Audit Planning?
a. Gain an understanding of the organisation’s governance structure
and practices associated to the audit objectives.
b. Understand changes in the business environment of the auditee.
c. Identify stated contents such as policies, standards and required
guidelines, procedures, and organisation structure.
d. Perform a risk analysis to help in designing the audit plan and set the
audit scope and audit objectives.
