Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.
CPE Quiz #114
Based on Information Systems Control Journal Volume 3, 2007
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Your results will appear in a new window.
Chatterji Article
1. For enterprise architecture practitioners, chief information officers and IT heads, one of the most difficult challenges is to obtain an understanding of the "stream of logic" that links the business drivers and business strategic requirements directly to an IT investment portfolio designed to support those strategies and respond to those threats and opportunities.
2. Enterprise architecture is the fundamental planning and enabling discipline that enforces business-IT alignment and ensures that value is derived from the better-designed and cost-efficient solutions.
Thorp Article
3. One of the cornerstones of the Val IT approach is broadening horizons from stand-alone IT project management to business program management, managing programs of business change where technology initiatives contribute to business results in concert with other elements of the overall business systems.
4. When building a Results Chain for a program, every initiative must be followed by an outcome, and all outcomes must be described in a way that enables meaningful and objective quantification.
Cobb, Guan and Levitan Article
5. In an object-oriented (OO) model of an information system, the auditor must be able to interpret the inheritance hierarchy represented in the class diagram documentation to understand what operations and attributes, in addition to those defined within a class, may pertain to that class.
6. Two risks of the OO model identified by the authors are a new paradigm that IS designers and auditors may not be familiar with and incorrect application of design tools.
7. Auditors cannot rely on the unique nature of the documentation and message passing in OO systems to assess and monitor IS control within such a system.
Dimitriadis Article
8. The recent International Organization for Standardization's ISO 21188:2006 standard describes a framework of requirements to enable certificate-based solutions for secure Internet banking applications. ISO 21188:2006 defines security targets as well as procedures that guide and facilitate the risk management process.
9. Attack trees provide a formal methodology for analyzing the security of systems and subsystems. An attack tree has a root node and leaf nodes. The root node represents the final target of the attacker.
10. Both hard-token certificate/SSL-TLS and one-time password/time-based code generators are based on the "proof by knowledge" principle.
Pareek Article
11. Controls may be expensive to put in place and operate, but they do not create further downstream costs, such as increased audit hours and a decline in process throughput.
12. Quick initial wins can often be scored by leveraging the existing Sarbanes-Oxley process documentation and looking for manual interactions, approvals and reconciliations inherent in the financial reporting process.
13. While cost savings are an important outcome from automating controls, the longer-term benefit is obtained from improved risk management that comes from transparency of processes, visibility of exceptions, access to past events that are logged electronically and ease of implementation of management's governance directions.
Anand Article
14. This article focuses on demonstrating how complying with one regulation, such as Sarbanes-Oxley, can enable an organization to achieve a significant amount of compliance with other relevant legislation and tangible business and technology benefits that have a payoff beyond compliance.
15. An obvious benefit of leveraging synergies across various regulations is in the area of relationships where benefits of compliance with multiple regulations help improve relationships between the company and its various stakeholders.
16. Although the road map to multiregulation compliance should begin with the end in mind, acquiring compliance software should not be on the map because compliance is seldom about technology.