CPE Quiz #
Based on Information Systems Control Journal Volume 4, 2005
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Van Grembergen, De Haes and Moons Article
1. In today's environment, it is possible for business executives in most sectors or industries to delegate or avoid IT decisions.
2. The research results highlight one of the key characteristics of the financial sector as highly regulated by national and international laws and standards.
3. One of the key value drivers in the financial sector on account of IT deployment is the increasing emphasis on product orientation instead of customer orientation.
4. Research found that more than 50 percent of the IT goals are specific to the sector (i.e., they are not equally important for all sectors).
5. Defining the link among business goals, IT goals and IT processes was a difficult exercise for the interviewees, and many of the mentioned business and IT goals were generic.
Kennedy Article
6. The information sent by users via browsers through web sites in HTML messages to web applications housed on web servers can be used illegitimately in unauthorized ways to compromise security vulnerabilities.
7. One of the measures to mitigate the risks of web application weakness resulting from failure to provide strong authentication is to implement authorization (access control).
8. One of the controls to mitigate the risks of denial-of-service attacks is to prevent application overload by performing content filtering with the firewall.
9. The responsibility for the security of web applications is primarily that of the web developer and security personnel, as the related security issues are technology-oriented.
Serepca and Moody Article
10. The purpose of an RFID system is to enable data to be transmitted via a portable device called a tag, which is read by an RFID reader and processed according to the needs of a particular application.
11. RFID requires line-of-sight reading, and RFID scanning can be done at a short distance only.
12. RFID readers installed in stores can facilitate remote audit or inventory stock and movement.
Pang Article
13. Identity management does not require traditional controls of authentication, authorization/access controls and user management.
14. One of the best practices of identity management is that the strength of the authentication method should be uniformly applied regardless of the value of the data being safeguarded.
Hoesing and Raval Article
15. One of the recurring topics in the test scope of operating systems audit includes the applications to verify whether only the necessary and approved applications are installed and running on the system.
16. A key requirement of a testing tool for an OS is that it should be designed to analyze multiple machines at a time to optimize time and costs.
Hettigei Article
17. The auditor's primary objective of auditing IT development projects is not only to review the safeguards of capital investments and proactively recommend internal controls but, in the context of high-risk projects, also to pay special attention to the monitoring controls.
18. Audit deliverables in IT audit project management do not include formal audit reports to be provided on a periodic or as-needed basis, as IT audit project management is focused more on advising and monitoring IT projects.
Muthukrishnan Article
19. BCP is the act of proactively strategizing a method to prevent, if possible, and manage the consequences of a disaster, thus limiting the consequences to the extent that a business can absorb the impact.
20. The key distinction between a BCP and a DRP is that a BCP refers to the process of rebuilding the operations or infrastructure after the disaster has passed, whereas a DRP includes the activities required to keep running during a period of displacement or interruption of normal operations.
21. The audit approach must consider the critical areas, such as prioritization of business processes and results of risk assessment, to provide reasonable assurance that the BCP is effectively implemented as intended.