Quiz 111 

 

 

CPE Quiz # 111

Based on Information Systems Control Journal Volume 6, 2006

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit


Rosenberg Article (JOnline)

1. Dial-up modems can no longer be found in critical infrastructures such as electrical grids and other public utilities.
2. The ISO 17799 standard is a comprehensive set of controls comprising best practices in information security.
3. Computer auditors can use exactly the same tools used by computer attackers, as they only need to identify exploitable vulnerabilities.
4. Network ports have become attackers’ entry of choice, but companies should still periodically conduct a vulnerability scan with a war dialer.

Busta, Portz, Strong and Lewis Article

5. For small businesses, controlling information security is a fairly straightforward task, and the only risk they face is that of financial loss.
6. A Delphi survey uses no more than three experts. Its results are purely indicative and should not be considered as any kind of consensus on the subject of the survey.
7. According to one Delphi survey, the three most important IT controls for a small business are updated firewalls and secure wireless connections, up-to-date virus and spyware protection, and regular and tested backup procedures.

Olatilu Article

8. These days, it is virtually impossible to conduct any type of transaction without collecting and storing personal information.
9. Data backed up to tapes pose a very minor risk, as these tapes are usually taken offsite for safe storage.
10. Dumpster diving involves a criminal going through a dumpster, which is against the law wherever it occurs.
11. Storage media that are no longer needed must be properly disposed of; in many instances, physically destroying a CD or degaussing a hard drive is sufficient.

Pareek Article

12. Risk and reward are positively correlated: the higher the risk accepted by a business, the higher the business’s expectations of return.
13. Members of management need not demand a higher return for higher risks taken as long as they are able to identify and assess the risks assumed.
14. According to Basel II, risk includes market risk, credit risk, operational risk and exogenous risk.
15. Once an organization knows its risks, its response may include acceptance, reduction, avoidance and transfer.

Poon, Chen, Tang, Tse and Yu Article

16. In recent years, researchers have proposed applying testing techniques at the end of the SDLC.
17. Michael E. Fagan of IBM made formal inspection an integral part of the development process.
18. Well-written software inspection checklists are widely available. These help reviewers focus on the more important aspects of a specification.
19. Typically, testing consists of a series of tasks:
  • Defining testing objectives
  • Designing and generating test cases
  • Executing the software with the generated test cases
  • Analyzing the result by comparing the actual and the expected outputs

20. The black box approach generates test cases according to the information derived from the source code of the software being tested.
