CIA CIA IT Audit & Information Systems

Question 1

Which IT general control ensures that only authorized users can access an organization's financial systems?

Accepted Answer

Access controls

Answer

Change management controls

Answer

Backup and recovery controls

Answer

System development lifecycle controls

Question 2

What is the primary objective of IT general controls (ITGCs) as evaluated during an internal audit?

Accepted Answer

Provide a foundation of reliability for application controls and financial data

Answer

Ensure IT projects are completed on schedule

Answer

Reduce IT hardware procurement costs

Answer

Manage vendor contracts for software licenses

Question 3

Which concept describes the process of verifying that a user is who they claim to be before granting system access?

Accepted Answer

Authentication

Answer

Authorization

Answer

Accountability

Answer

Non-repudiation

Question 4

In IT audit, what does 'change management control' primarily prevent?

Accepted Answer

Unauthorized or untested changes to production systems

Answer

Budget overruns on IT projects

Answer

Hardware failures in data centers

Answer

Phishing attacks on end users

Question 5

What is the purpose of a business continuity plan (BCP) from an IT audit perspective?

Accepted Answer

Enable the organization to continue critical operations after a disruptive event

Answer

Ensure daily data backups are performed

Answer

Test employee cybersecurity awareness

Answer

Manage software licensing compliance

Question 6

Which audit procedure is most effective for testing that user access privileges are appropriate and follow least privilege principles?

Accepted Answer

Performing a user access review (UAR)

Answer

Reviewing IT project plans

Answer

Testing disaster recovery procedures

Answer

Inspecting software licensing agreements