IIA IIA-CIA-Part2 Quiz 202 Topic 2 Questions 1006-1010

Question: 1

While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs be

AGenerated and maintained on a separate secure server.

BAccessible by administrative users only.

CEncrypted to ensure that the logs cannot be deleted.

DRestored automatically to the Web server from backup files.

Show Answer

Question: 2

When assessing the risk associated with an activity, an internal auditor should

ADetermine how the risk should best be managed

BProvide assurance on the management of the risk

CModify the risk management process based on risk exposures.

DDesign controls to mitigate the identified risks

Show Answer

Question: 3

Which of the following factors would not be considered in determining appropriate followup procedures?

AThe significance of the audit finding

BThe effort and cost needed to correct the reported condition.

CThe availability of funds in the audited department's budget to correct the reported condition.

DThe potential consequences if the corrective action fails.

Show Answer

Question: 4

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use

ASimple random sampling to select a sample of vouchers processed by the department during the past year.

BProbability proportional to size sampling to select a sample of vouchers processed by the department during the past year.

CDiscovery sampling to select a sample of vouchers processed by the department during the past year.

DJudgmental sampling to select a sample of vouchers processed by clerks who were identified by the department manager as acting suspiciously.

Show Answer

Question: 5

A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess

AKnowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse.

BKnowledge of what constitutes evidence acceptable in a court of law.

CSuperior analytical skills that would facilitate the identification of computer abuse.

DSuperior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board.

Show Answer

IIA IIA-CIA-Part2 Quiz:202 Topic:2 Questions:1006-1010