Based on Volume 4, 2010
Please note: In order to obtain your CPE certificate for having passed the quiz, you must turn off your pop-up blocker.
Hoesing Article
Bell Article
Reed, Wang and Dutta Article
Ee Article
Farahmand Article
CPE Quiz #133
Based on ISACA Journal Volume 4, 2010
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT/CRISC Continuing Professional Education (CPE) Credit
Your results will appear in a new window.
Enter your name below so it displays on the quiz results page:
Name:
Hoesing Article1. The VMware ESX 3.5 virtualization host can provide details of the current configuration by issuing the config-info command.
2. Kismet is a commercial software tool used to assess Payment Card Industry Data Security Standard compliance for wireless access points.
3. Analyzing a single file may not produce useful audit information; often, additional data in secondary files are needed to fully understand the original file.
Bell Article4. Statement on Auditing Standards No. 70 is a defined standard developed by the American National Standards Institute as a set of criteria a service or user organization’s auditor should use while assessing the outsourced internal controls of a service organization.
5. A Type I service auditor’s report is a thorough report of a Statement on Auditing Standards No. 70 audit because it contains a description of the controls in place following a minimum testing period (generally six months or longer). A Type II report examines controls over only one or two days, which arguably has limited value to a user organization.
6. Triple Constraint consists of scope (project size, goals, requirements), cost (people, equipment, material) and schedule (task durations, dependencies, critical path), with quality a requirement for all three constraints.
Reed, Wang and Dutta Article7. A number of studies show that much of the data warehouse information available to business users is not accurate, complete or timely.
8. Causes of information errors within data warehouses include changes in the source system and process failures.
9. Control X2—validation that the extraction, transformation and loading (ETL) process is accurate and complete—involves monitoring transactions and processes, e.g., source to ETL, and data warehouse to data mart.
Ee Article10. In September 2009, the Public Company Accounting Oversight Board found, from a review of more than 250 audits, that areas for improvement include risk assessment, consideration of fraud, entity-level controls and deficiency evaluation.
11. Four key risk factors for fraud are inherent susceptibility, keys to the kingdom, process maturity and organizational maturity.
12. According to the article, there was a real-life situation in which a systems administrator planted a logic bomb that cost the company more than US $4 million in remediation efforts.
13. One example of an SDLC-related risk is the introduction of trapdoors in new or modified code from a lack of code review.
Farahmand Article14. The American Institute of Certified Public Accountants defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources.”
15. Use of the cloud is contingent on accessing the Internet and the cloud servers.
16. Individuals are less likely to perceive information collection procedures as privacy-invasive if information is collected in the context of an existing relationship and they believe the information will be used to draw reliable and valid inferences about them.
17. Merrill Lynch estimates that within the next five years, the annual global market for cloud computing will surge to US $9 million.
|
Your results will appear in a new window.
|
Please note: This quiz requires a JavaScript-enabled browser.
If the quiz is not displayed above, you either do not have a browser which
supports JavaScript or JavaScript support has been disabled.
|
|
|