Quiz 93 

 

 

CPE Quiz # 93

Based on Information Systems Control Journal Volume 6, 2003

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit


Sarup Article

1. The author identifies several common causes of project failure. These include lack of a well-defined project scope, unrealistic business objectives and lack of internal audit oversight.
2. Factors that cause decision makers to get locked into losing courses of action on large projects include perception that project setbacks are temporary or transient, reluctance of managers to accept failure as an acceptable outcome and administrative inertia.
3. Methods that can help ensure commitment to a project does not escalate beyond a reasonable point include establishing an early warning system, focusing on the quality of the outcome instead of the quality of the decision and establishing independent reviews of the project.

Bindseil Article

4. Benefits of wireless LANs (WLANs) include easier reconfiguration than wired networks, untethered network access for users and improved security relative to wired systems.
5. WLANs are susceptible to man-in-the-middle attacks when a hacker exploits a network with a series of challenges and responses between the client and an access point. By noting the plaintext challenge and encrypted text response, an attacker reproduces an encryption/decryption key.
6. Providing VPN service can improve wireless security because VPNs use stronger encryption than non-VPN connections, making it more difficult for hackers to decrypt data.

Andrew Article

7. More than three-quarters of successful cyberattacks against Linux and UNIX servers were successful in May 2003, in part because of an accidental leak from CERT to the general public.
8. Sendmail is a UNIX/Linux utility program that is frequently attacked because of weaknesses in older versions of the program.
9. UNIX/Linux systems are typically much easier to keep patched than Microsoft systems, since fewer patches are usually needed and a more integrated, less modular operating system design is featured with UNIX/Linux.

Sparks Article

10. The rating system described by the author would assign an overall rating of red to a site if there were an incomplete software inventory and poor software purchase record-keeping, because software licensing was so important to that enterprise.
11. Implementation of the rating system included a pilot period, where ratings were assigned and discussed with auditees but not actually recorded in written audit reports. In addition to the pilot, a joint memo from the IT audit director and CIO helped with implementation of the system.
12. Preaudit preparation included sharing the details of the rating system and the audit programs that would be used in conducting the audit to eliminate surprises.
13. To keep the rating criteria timely and up-to-date, the program required an annual review of the rating matrix. Any changes in rating criteria were made with the company's annual audit cycle.

Schreider Article

14. Recent privacy-based laws in the US include Gramm-Leach-Bliley and HIPAA, which primarily affect financial institutions and healthcare organizations, respectively.
15. Heightened requirements for customer privacy are also resulting in increased employer activity to protect employee privacy.
16. Recommended best privacy practices by the author include assigning responsibility for a privacy officer, writing clear, crisp and unambiguous privacy policies, and designing an architecture that supports enforcement of these privacy policies.

Ahuja Article

17. Core components of identity management are an enterprise user directory, authentication, access control and user management technologies. User management technologies are systems that enable management of privileges for a large number of users across an enterprise.
18. Identity management implementations should seek to secure networks, operating systems, databases, web services and applications.

Piper Article

19. Attackers wishing to impersonate other users' digital identities in a public key system can attempt to obtain their private key or substitute the attackers' own public keys for those of the genuine users.
20. Processes to revoke certificates are not needed in a public key infrastructure system because users can easily bring their digital identity from one organization to another should they change employers or affinity groups.
