CIA CIA Information Technology & Systems

Question 1

Which IT general control category is most directly concerned with ensuring that only authorized users can access financial systems?

Accepted Answer

Logical access controls

Answer

Change management controls

Answer

Computer operations controls

Answer

System development controls

Question 2

In an IT audit, a 'segregation of duties' weakness most commonly occurs when a single user can both:

Accepted Answer

Initiate transactions and approve them

Answer

Read reports and print them

Answer

View audit logs and export them

Answer

Create user accounts and delete files

Question 3

What is the primary purpose of an IT change management process?

Accepted Answer

To ensure changes to systems are authorized, tested, and documented

Answer

To speed up software deployments

Answer

To track user complaints about software

Answer

To monitor network bandwidth usage

Question 4

A CIA examiner reviewing a company's IT controls finds that system administrators also perform end-user functions. This is an example of a failure in:

Accepted Answer

Segregation of duties

Answer

Business continuity planning

Answer

Data encryption standards

Answer

Patch management

Question 5

Which of the following best describes a 'data dictionary' in the context of IT general controls?

Accepted Answer

A repository defining the structure, format, and relationships of data elements

Answer

A list of approved software vendors

Answer

A log of all database transactions

Answer

A glossary of IT audit terms

Question 6

During a CIA audit, an auditor assesses whether backups are stored offsite. This control is primarily designed to support:

Accepted Answer

Business continuity and disaster recovery

Answer

Access control compliance

Answer

Change management procedures

Answer

User authentication standards