ISACA: Serving IT Governance Professionals

English
Chinese (Simplified)
Chinese (Traditional)
Deutsch
Espanol
Francais
Hebrew
Italiano
Japanese
Korean
Nederlands
Polski
Portuguese

Advanced Search

ABOUT
Membership
CERTIFICATION
Education
COBIT
Knowledge Center
Journal
Bookstore

What We Offer & Whom We Serve

@ISACA Newsletter

Licensing and Promotion

Volunteering

IT Governance
Institute

	Professional Membership
	Student Membership
	Academic Membership

	Local Chapter Information
	Join Today
	Professional Growth Global Community Advance Your Career


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

Why Certify

How to Earn CPE

Maintain Your Certification

Write an Exam Question

US DoD Information

Exam Registration

CONFERENCES

ONLINE LEARNING

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM

Call for Papers

Browse All Events

Exhibitors and Sponsors


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

Browse Knowledge Center topics

Where networking and knowledge intersect.

	BMIS (Information Security)
	COBIT 5 \| COBIT 4.1
	ITAF (IT Assurance\Audit)
	Research (Deliverables\Projects)
	Risk IT (IT Risk Management)
	Standards (Assurance\Audit\Control)
	Val IT (Value Delivery)

Featured Resources

Career Centre

Legislative Reporting

Current Issue

Past Issues

Author Blog

CPE Quizzes

Submit an Article

COBIT Process Assessment Model (PAM): Using COBIT 5

A New Auditor's Guide to Planning, Performing and Presenting IT Audits

A New Auditor's Guide to Planning, Performing and Presenting IT Audits

Top Sellers

Security, Audit and Control Features SAP ERP, 3rd Edition

English: CISA Practice Question Database v12 (CD-ROM)

IT Project Management:30 Steps to Success

IT Governance: Policies & Procedures, 2012 Edition

The Operational Risk Handbook for Financial Companies

ISACA
My ISACA

Join ISACA
Feedback
Shopping Cart

Sign In

ISACA > Journal > Past Issues > 2003 > Volume 4 > Quiz 89

Quiz 89

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
  - 2011
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.

Ataya Article
Finne Article
Schreider Article
Zawada and Schwartz Article
Doughty Article
Brancik Article

CPE Quiz # 89

Based on Information Systems Control Journal Volume 2, 2003

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit

Your results will appear in a new window.

Enter your name below so it displays on the quiz results page:

Name:

Ataya Article

1. According to the author, Gartner recommends that organizations evaluate IT infrastructure projects solely on derived internal rates of return (RRT) or other return on investment (ROI) measures.
TrueFalse2. As a whole, the IT profession does a very good job of identifying the value of IT spending, such that business managers clearly understand their IT cost allocations and the value of IT investments.
TrueFalse

Finne Article

3. Positive aspects of research and development (R&D) collaboration include flexibility, speed and reliability. Negative aspects include the loss of control, potential communication issues and difficulties in project management.
TrueFalse4. In a typical R&D collaboration, there are fewer than 100 risks that need to be managed-most relate to the finance, legal and sourcing phases of collaboration.
TrueFalse5. Activities that may reduce risks in R&D collaboration include clearly defining collaboration requirements in a memorandum of understanding, documenting scope changes in writing and using audit trails.
TrueFalse

Schreider Article

6. Worldwide revenue for risk management software for 2003 is projected at US $350 million. Some leading vendors include Insight Consulting, RiskWatch, CSCI and Norman Security Solutions.
TrueFalse7. These products adhere to one or more industry-accepted risk standard, such as HIPAA, BS7799 and ISO. Each product has a customized and proprietary way to calculate annual loss expectancy, an important feature that is recommended by the author.
TrueFalse8. These risk management products are differentiated primarily by their reporting modules, in that there are a variety of canned and tailored charts and reports that each program features.
TrueFalse

Zawada and Schwartz Article

9. Control frameworks and regulatory standards with guidelines for business continuity management (BCM) include HIPAA, COBIT, NIST and FERC.
TrueFalse10. An important step in a BCM program is the identification of individuals with the formal authority to declare a disaster. These individuals are responsible for implementing the contingency strategies identified in a BCM plan.
TrueFalse

Doughty Article

11. The article describes a case study of an organization that implemented an enterprise security framework across a large geographic area. The first action taken was the appointment of a dedicated resource for data security.
TrueFalse12. Challenges in the security environment within the organization profiles in the case study include no approved security policies, no awareness program, no e-mail or URL filtering, and no IDS system.
TrueFalse13. A project task in the enterprise security implementation was an IT asset inventory. Management was somewhat surprised to find that 47 percent fewer PCs were physically at the organization than their asset records suggested. The author believes that asset theft by contractors was the cause of the shortfall.
TrueFalse

Brancik Article

14. The computer forensics and cybersecurity governance model described in the article combines a mix of prevention and detective controls to implement improved processes.
TrueFalse15. US federal legislation that directly impacts computer forensics includes: the USA Patriot Act, Computer Security and Privacy Act of 1987, and the Gramm-Bliley's Homeland Security Advisory Program.
TrueFalse16. A padded cell is a type of preventive control that often is used by computer incident response teams. These controls involve using dedicated hosts that bait intruders with what is presumed to be attractive data and information.
TrueFalse

Your results will appear in a new window.

Please note: This quiz requires a JavaScript-enabled browser. If the quiz is not displayed above, you either do not have a browser which supports JavaScript or JavaScript support has been disabled.

© 2013 ISACA. All Rights Reserved

Site Map
Contact Us
Press Room
Terms of Use
ISACA PRIVACY POLICY – YOUR PRIVACY RIGHTS
IP Guidelines