CPE Quiz #118
Based on Information Systems Control Journal Volume 1, 2008
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Your results will appear in a new window.
Milligan and Hutcheson Article
1. Up to 4 gigabytes of data (equating to approximately 20,000 boxes of paper) can be stored in a device as small as a pen.
2. The most common risks of using mobile devices include viruses, worms, theft, fraud and spam.
3. To counter the threat of sensitive data theft when using personal information management applications, firewalls should be used to minimize access.
4. Blackjacking allows for hacking into an enterprise system using a BlackBerry.
5. Failure to protect corporate data may thrust businesses into violation of governmental regulations such as Personal Information Protection and Electronic Documents Act.
6. The key elements necessary for mobile device security are different from those used for the last 20 years.
Johnstone and Chung Article
7. According to a study, the median financial loss due to occupational fraud association, with 1,134 cases between January 2004 and January 2006, was US $159,000.
8. The Statement on Auditing Standards (SAS) No. 98 from the American Institute of Certified Public Accountants emphasizes auditors exercising their professional skepticism to identify risks that may result in a material misstatement due to fraud.
9. Typically, occupational frauds fall into one of three major categories, including corruption, in which a person uses his/her influence in a business transaction to obtain an unauthorized benefit.
Farao Article
10. Hypertext Transfer Protocol (HTTP) is one of the services used to manage and configure printer devices. Transmission Control Protocol (TCP) services are used for printing and managing print jobs.
11. As strict password policies are often applied to printers and their user IDs, passwords are very difficult to obtain as they are never printed in printer manuals.
12. The JetDirect port allows anyone who can connect to it to gather information about the printer configuration or download documents.
Unwala and Dharmadhikari Article
13. A fragmented monitoring approach exposes organizations to newer business risks and control issues.
14. An ideal real-time command center needs to log only critical security-related events.
15. In the authors' opinion, the least preferable implementation option is to allow a vendor to implement a solution that provides a product and a service.
Brennan Article
16. Although the concept of continuous auditing has been around since the late 1980s, the urgency of Sarbanes-Oxley has helped to make it a reality.
17. Because of mixed results, Siemens has put on hold plans to expand the use of audit automation tools to other business processes.
18. One of the benefits companies can expect from continuous auditing is that they can reduce the number of key controls they need to maintain, monitor and audit.
Micallef Article
19. If a chief risk officer is appointed, he/she should not be held accountable to the board for his/her actions.
20. The underlying premise of enterprise risk management, as defined in the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, is that every entity exists to provide value for its stakeholders.