Quiz 115 

 


 

CPE Quiz # 115

Based on Information Systems Control Journal Volume 4, 2007

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit

Your results will appear in a new window.


Swaroop Article

1. IT project managers now are responsible not only for managing projects from concept to launch, but also for harnessing technology and delivering strategic value.
2. Ranking projects based on traditional financial metrics, such as payback method, internal rate of return and net present value, focuses on financial values, implying a certain amount of precision that matches the existing reality.
3. Business value as a criterion for evaluating and ranking IT projects accounts for future business growth opportunities that are hard to quantify with a financial figure.
4. Communicating requirements from business users to IT, or communicating intentions from IT to business stakeholders, is a source of frustration, and managing these expectations is part of a project manager's job.

Melançon Article

5. Traditional perimeter protection and access control are as effective at blocking attacks from inside organizations as they are at blocking external hackers.
6. The most significant of the foundational controls are not rooted in access control, but in monitoring and managing change.
7. The Pareto Principle states that, for many phenomena, 80 percent of the causes stem from 20 percent of the consequences.
8. Research confirms the direct relationship between higher usage of foundation controls and high performance (and lower usage of foundation controls and low performance), except for controls related to access and resolution.

Ying Shi Article

9. Granting database administrator access to business owners is a blatant violation of segregation of duties.
10. Best practices of monitoring focus on the activities of shared system accounts, logon/logoff activities of administrators, database schema structure changes, and Data Manipulation Language (e.g., update, insert, delete) activities against the critical tables.
11. Triggers will not record logon activities of specified users and their attempts to make changes to database objects in an audit trail.

Oliver Article

12. In practice, policies are generally effective in acting as a deterrent control by highlighting penalties that may be applied to staff members breaking the code of practice by using any form of USB device to download sensitive data.
13. The best approach of securing USB drives is to automatically encrypt information as it is moved to a USB drive and also protect the data by passwords.
14. The best way to implement a complete ban on mobile data devices is by ensuring that every machine's operating system is configured to remove the function of allocating drive letters, thus not recognizing any additional drive.

Woda Article

15. The Payment Card Industry (PCI) Data Security Standard (DSS) is a mandatory compliance standard for all acquiring organizations; e-commerce sites; retailers; and any organization that collects, processes or stores credit card information.
16. Companies that issue credit cards and authorize transactions, such as banks and large retailers, are not acquiring credit card transactions; therefore, they are required to demonstrate compliance with the PCI DSS.
17. The responsibility of ensuring that the scanning of web sites, servers and firewall devices is completed properly and completely lies with management, not the scanning vendor.

Talpade and Singh Article

18. The network devices have to be provided with specific instructions or scripts that indicate exactly how they are to interact with each other for providing the correct end-to-end IP network service.
19. IP network assessments can be adequately performed by using invasive scanning solutions, such as ping, traceroute and their commercial variants.
20. Assessment through configuration management tools is insufficient as they tend to assess the configuration of an individual device in isolation from other devices.
