Quiz 113 

 

CPE Quiz # 113

Based on Information Systems Control Journal Volume 2, 2007

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit

Moeller Article

1. The Sarbanes-Oxley assessment of internal controls—including controls over traditional hard and digital soft assets—is known as a section 404 review.
2. Section 302 of Sarbanes-Oxley requires key management to disclose whether there were any significant changes in the enterprise's internal controls.
3. Preventing and detecting the loss of private information become much easier as information is stored in digital format.

Tharp Article

4. A malicious user can use a USB drive to install a key catcher program, a password gathering program, a vulnerability scanner program or a virus.
5. There is little point in developing a "removable media" policy covering USB drives.
6. Organizations may be tempted to disable all USB ports, but often this is not practical.
7. The Windows Vista Operating System will allow administrators to prevent users from installing devices that are on a "prohibited" list.

Pironti Article

8. When designed and implemented properly, key performance indicators (KPIs) provide business-aligned, useful measures related to business processes, personnel, technology and organizational effectiveness.
9. When evaluating a firewall, the scope can be defined in terms of uptime, performance or protection.
10. A trend analysis graph of information security incidents can never be as effective for senior management as a detailed report.
11. Availability and user experience KPIs are rarely used by business process owners to assist them in their activities.

Handrawirawan, Tanriverdi, Zetterlund, Hakam, Kim, Paik and Yoon Article

12. Enterprise resource planning (ERP) systems pay little attention to security implications, as their main purpose is to solve business problems within time and budget.
13. While integration through ERP provides better quality and availability of financial information, it also increases the risk of fraud and misappropriations.
14. A recent trend in IS audit and control is that there has been a decline in new product offerings to implement and monitor segregation of duties within ERP systems.
15. Most of the security tools available in ERP packages provide efficient and effective audit of ERP security.

Handscombe Article

16. Continuous monitoring requires the collection of audit evidence on a continuous basis.
17. One of the biggest benefits of continuous auditing is that control effectiveness does not slip between auditor visits.
18. One of the benefits of continuous auditing is that auditors require less contact with their clients.
19. Continuous auditing means that the environment does not need to be as well controlled, and a high number of exceptions is acceptable.
20. The criteria for choosing a technology tool include it being unobtrusive and platform-independent.
