ISACA: Serving IT Governance Professionals

English
Chinese (Simplified)
Chinese (Traditional)
Deutsch
Espanol
Francais
Hebrew
Italiano
Japanese
Korean
Nederlands
Polski
Portuguese

Advanced Search

ABOUT
Membership
CERTIFICATION
Education
COBIT
Knowledge Center
Journal
Bookstore

What We Offer & Whom We Serve

@ISACA Newsletter

Licensing and Promotion

Volunteering

IT Governance
Institute

	Professional Membership
	Student Membership
	Academic Membership

	Local Chapter Information
	Join Today
	Professional Growth Global Community Advance Your Career


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

Why Certify

How to Earn CPE

Maintain Your Certification

Write an Exam Question

US DoD Information

Exam Registration

CONFERENCES

ONLINE LEARNING

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM

Call for Papers

Browse All Events

Exhibitors and Sponsors


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

Browse Knowledge Center topics

Where networking and knowledge intersect.

	BMIS (Information Security)
	COBIT 5 \| COBIT 4.1
	ITAF (IT Assurance\Audit)
	Research (Deliverables\Projects)
	Risk IT (IT Risk Management)
	Standards (Assurance\Audit\Control)
	Val IT (Value Delivery)

Featured Resources

Career Centre

Legislative Reporting

Current Issue

Past Issues

Author Blog

CPE Quizzes

Submit an Article

COBIT Process Assessment Model (PAM): Using COBIT 5

A New Auditor's Guide to Planning, Performing and Presenting IT Audits

A New Auditor's Guide to Planning, Performing and Presenting IT Audits

Top Sellers

Security, Audit and Control Features SAP ERP, 3rd Edition

English: CISA Practice Question Database v12 (CD-ROM)

IT Project Management:30 Steps to Success

IT Governance: Policies & Procedures, 2012 Edition

The Operational Risk Handbook for Financial Companies

ISACA
My ISACA

Join ISACA
Feedback
Shopping Cart

Sign In

ISACA > Journal > Past Issues > 2009 > Volume 1

Quiz 122

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
  - 2011
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.

Ross Article
Thorp Article
Le Grand and Sarel Article
Rozek Article
Marcella Article
Chandola Article

CPE Quiz # 122

Based on Information Systems Control Journal Volume 5, 2008

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit

Your results will appear in a new window.

Enter your name below so it displays on the quiz results page:

Name:

Ross Article

1. Identity management and automated compliance are two obvious examples of where human intervention can be minimized.
TrueFalse2. Risk management is a frequently explored reason to explain the unreliability of information security.
TrueFalse3. “Probability” describes whether an event will occur at all, whereas “likelihood” refers to the number of instances of a certain event over a period of time.
TrueFalse4. A source of a problem related to risk management is time lag. The underlying asset may change but the protective mechanisms do not keep up.
TrueFalse

Thorp Article

5. The Val IT Framework 2.0 aligns more closely with COBIT and extends the Val IT framework beyond new investments to encompass all IT expenditures including ongoing IT services, assets and other resources.
TrueFalse6. Among the updates and enhancements to the Val IT framework are the opportunity for IT to influence, not simply support, business strategy as well as the linkage of expected investment benefits to business targets, forecasts and budgets to reinforce accountability and facilitate monitoring.
TrueFalse7. The Val IT Framework 2.0 excludes guidance for executives interested in establishing a more effective approach to value management, but work is underway.
TrueFalse

Le Grand and Sarel Article

8. The 2007 Computer Crime and Security Survey, by the Computer Security Institute, identifies respondents who actually detected attacks and abuses of net access at 25 percent, unauthorized access to information at 17 percent, and theft of customer or employee data at 59 percent.
TrueFalse9. There are known fundamental weaknesses in perimeter controls—the bad guys are frequently a step ahead of the protection and the insider threat is now recognized to be at least as serious as the threat of attack from outside the organization.
TrueFalse10. The centralized data access controls via the agent and monitoring system provide a focal point for knowing exactly who accessed what data, and they are also not subject to the limitations of identity access management or applications because the policy can be specified right in the agent itself.
TrueFalse11. It is common to implement controls specifically to compensate for known system vulnerabilities and their related exploits.
TrueFalse12. Compliance is best accomplished by meeting requirements and ensuring that the ways in which requirements are met actually provide effective security and accountability. The goal is to provide security first, and compliance as required.
TrueFalse

Rozek Article

13. The work required to meet the requirements of the Sarbanes-Oxley Act is no longer being regarded as a compliance process, but instead as an opportunity to establish a strong governance model designed to ensure accountability and responsiveness.
TrueFalse14. While testing the operational effectiveness of controls, IT management will first determine and document which controls will be tested. There is no quantitative formula or prescriptive checklist to follow.
TrueFalse15. Multiple areas of IT that do not directly affect financial data integrity are not required to be reviewed in the IT Sarbanes-Oxley program.
TrueFalse

Marcella Article

16. Two important concepts related to electronically stored information (ESI) are hold management (the ability to respond to a legal action) and spoliation (the willful destruction of evidence that is germane to the case in litigation).
TrueFalse17. ESI audit considerations include the development of repeatable processes that have the flexibility to accommodate a variety of discovery and regulatory processes.
TrueFalse18. Because the US court system's Federal Rules of Civil Procedure (FRCP) is US-centric in its applications, they are not global in their implication and application.
TrueFalse

Chandola Article

19. The high cost of noncompliance has enabled the shift in the question of compliance from “if” to “when” for executives who were traditionally focused on tangible return on security investments.
TrueFalse20. One of the compliance project challenges presented in this article pertains to “pockets of internal resistance to compliance.” This can be resolved with buy-in from the process execution owners coordinated through the steering committee.
TrueFalse21. The security compliance and remediation project landscape has matured to the extent that mapping and aligning the business processes and culture with the planned remediation changes is no longer a challenge.
TrueFalse

Your results will appear in a new window.

Please note: This quiz requires a JavaScript-enabled browser. If the quiz is not displayed above, you either do not have a browser which supports JavaScript or JavaScript support has been disabled.

© 2013 ISACA. All Rights Reserved

Site Map
Contact Us
Press Room
Terms of Use
ISACA PRIVACY POLICY – YOUR PRIVACY RIGHTS
IP Guidelines