Assessment

Question 1

Testing that obtains audit evidence on the completeness, accuracy, or existence of activities or transactions during the audit period

Answer 1

Substantive Testing

Question 2

Testing that gathers evidence for the purpose of testing an enterprises compliance with control procedures. This differs from substantive testing in which evidence is gathered to evaluate the integrity of individual transactions, data or other information.

Answer 2

Compliance/Control Testing

Question 3

Testing that evaluates the relationship of two sets of data and discerns inconsistencies in the relationship.

Answer 3

Analytical Testing

Question 4

The risk that a review will not detect or notice a material issue

Answer 4

Detection Risk

Question 5

The risk that a material error could occur, if there are no related internal controls to prevent or detect the error.

Answer 5

Inherent Risk

Question 6

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.

Answer 6

Control Risk

Question 7

Tools used for accessing data in an electronic form from diverse software environments, record formats etc.

Answer 7

Computer-Assisted Auditing Tools (CAATs)

Question 8

Sampling method used when an IS auditor is trying to determine whether a type of event has occurred. Best suited to assess the risk of fraud and to identify whether a single occurrence has taken place.

Answer 8

Discovery Sampling

Question 9

Sampling method that helps limit the size of a sample and allows the test to be stopped at the earliest possible moment.

Answer 9

Stop-or-go Sampling

Question 10

Sampling method used to test compliance of transactions to controls.

Answer 10

Attribute Sampling

Question 11

Sampling method used in substantive testing situations and deals with population characteristics that vary, such as monetary values and weights.

Answer 11

Variable Sampling

Question 12

Internal controls that are intended to reduce the risk of an existing or potential control weakness that may arise when duties cannot be appropriately segregated.

Answer 12

Compensating Controls

Question 13

Test technique that identifies specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed.

Answer 13

Mapping

Question 14

Test technique that records the flow of designated transactions through logic paths within programs.

Answer 14

Snapshot

Question 15

Test technique that shows the trail of instructions executed during an application.

Answer 15

Trace & Tagging

Question 16

Test technique that represents the activity of recording specific tasks for future review

Answer 16

Logging

Question 17

Testing used to test for the introduction of new errors in the system after changes have been applied.

Answer 17

Regression Testing

Question 18

Testing used to test the functionality of the system against detailed requirements to ensure that software construction is traceable to customer requirements

Answer 18

Validation Testing

Question 19

Testing used to see whether the system can operate in the target environment without adverse impacts on the existing systems.

Answer 19

Sociability Testing

Question 20

Testing that evaluates the performance of the software under normal and peak conditions.

Answer 20

Load Testing

Question 21

Testing that determines the capacity of the software to cope with an abnormal number of users or simultaneous operations.

Answer 21

Stress Testing

Question 22

Testing that evaluates the ability of a system to recover after a failure.

Answer 22

Recovery Testing

Question 23

Testing that evaluates the impact of incremental volume of records (not users) on a system.

Answer 23

Volume Testing

Question 24

After the full backup, only the files that have changed are backed up, thus minimizing media storage.

Answer 24

Incremental Backup

Question 25

A number of internet-connected devices, each of which is running one or more bots used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection.

Answer 25

Botnet

Question 26

Programs designed to destroy or modify data at a specific event or time in the future.

Answer 26

Logic Bombs

Question 27

An attack, normally via email, pretending to be an authorized person or organization requesting information.

Answer 27

Phishing

Question 28

A program that picks up information from PC drives by making copies of their contents.

Answer 28

Spyware