Domain 2 : Practice Questions (ISACA)

Question 1

An IS auditor of a large organization is reviewing the roles and responsibilities for the IT function and has found some individuals serving multiple roles. Which one of the following combinations of roles should be of GREATEST concern for the IS auditor?

A. Network administrators are responsible for quality assurance.
B. System administrators are application programmers.
C. End users are security administrators for critical applications.
D. Systems analysts are database administrators.

Answer 1

B. System administrators are application programmers.

Question 2

Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

A. User management coordination does not exist.
B. Specific user accountability cannot be established.
C. Unauthorized users may have access to originate, modify or delete data.
D. Audit recommendations may not be implemented.

Answer 2

C. Unauthorized users may have access to originate, modify or delete data.