
1. The audit client represents:
A. Mandatory, the audited organization
B. The organizations for audit certification
C. Mandatory, the organization that bears all the costs of an audit process
D. The organization that carries out the audit process

2. Vulnerability is:
A. Identification of the security risks, establishing of their levels and the areas
with protection need
B. Potential given by a threat to be materialized
C. Consequence of an unwanted incident
D. Residual risk after the implementation of the protection
E. Feature or property exploitable by a threat to produce damage

3. In the initiation stage of the audit, selection of the audit team does NOT include:
A. Optional inclusion of some technical experts
B. Establishing the size of the audit team
C. Designation of the team leader
D. Optional inclusion of some auditors in training
E. Establishing the team members' skills

4. In the risk evaluation process, an electronic invoice modified without authorization in
order to commit fraud addresses:
A. Traceability;
B. Integrity;
C. Confidentiality;
D. Availability;
E. Compliance;

5. Which of the following elements is an audit area?
A. Product
B. Service
C. Process
D. Management system.

6. Which of the following statements is FALSE?
A. The audit is not a management tool
B. The audit establishes the effectiveness of the management system
C. The audit represents the starting point for management system development
D. The audit establishes the compliance or noncompliance of the management
system in relation to the audit criteria
E. The audit ensures the improvement of the management system.

7. In the implementation stage of an audit program, which activities are
not included?
A. Establishing the responsibilities in the audit program
B. Audits planning
C. Selection of the audit team
D. Leading of the audit activities
E. Auditors assessment

8. Specify which of the following elements are considered risk control strategies:
A. Probability reducing
B. Impact reducing
C. Early reducing
D. Risk transfer

9. Physical and environment security for the audited system is:
A. Required skill of the audit team leader
B. Development stage of an audit process
C. Activity in an audit program
D. Control type provided by the standard ISO/IEC 17799:2005
E. Standard of informatics security

10. Specify which of the following elements are control classes for asset
management as control type in ISO/IEC 17799:2005
A. Operational procedures and responsibilities
B. Secure areas
C. Responsibility for the asset
D. Information classification

11. Specify the stage of an audit process in which the audit plan is built:
A. Audit initiation
B. Document analysis
C. Audit report preparation
D. Audit preparation on site
E. Carrying out the audit on site

12. Which of the following statements regarding the security policy of an
organization is FALSE?
A. It is published and communicated to the employees and relevant third parties
B. It includes details regarding the information security definition, the
importance and the covered area
C. It is a document approved by management
D. It specifies the responsibilities of the information security management
E. It eliminates the management's specifications regarding the security
intents

13. Which of the following elements must be included in the employees manual?
A. Rules about the work out of program
B. Employment out of the organization
C. Urgent procedures
D. Disciplinary actions

14. Specify which of the following features define the concept of informatics audit,
according to ISO 19011:2003
A. Systematic review
B. Documented review
C. Independent review
D. It is made by persons with specialized skills
E. It targets all assumed requirements, without their being mandatorily implemented

15. In the ISACA manual for CISA certification, hardware acquisition is included in the
chapter:
A. Disaster recovery and business process continuity
B. Development, acquisition, implementation and maintenance of the software
systems for business process
C. Informational asset protection
D. The audit process of the information system
E. Technical infrastructure and operational practices
