Quiz 134 

 

CPE Quiz #134

Based on ISACA Journal Volume 5, 2010

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT/CRISC Continuing Professional Education (CPE) Credit


Singleton Article

1. Statistics from the Computer Emergency Readiness Team (CERT) and industry security analysts show that about 75 percent of all malicious activities come from external sources.
2. On average, more than 75 percent of corporate IT security budgets are directed toward protecting against outsiders.

Schperberg Article

3. In the economic downsizing that organizations are faced with today, insider threat ranks highest and is of the highest concern for the corporate IT and corporate investigation divisions.
4. Phishing is the targeting of executives by convincing them to click on a link that will download malware or Trojans on their computers. Spear phishing is the impersonation of the organization through e-mail or other electronic means in an attempt to obtain confidential information.

Mehta Article

5. For a risk assessment exercise to be successful, it is extremely important to identify whether the focus of risk assessment is confidentiality, integrity and/or availability, and then to define the risk criteria/parameters.
6. Critical parameters that could impact the integrity of a financial application include the number of users accessing the application, the number of administrators, direct access to the underlying database and integrated/independent authentication.
7. Once an organization has identified the high-risk and low-risk applications and the controls are established and tested for appropriateness, there is no need for the internal audit department to analyze the trend for failures and effective controls to evaluate whether more controls should be implemented for certain applications or whether some controls can be eliminated for others.

Ramanathan Article

8. An incident-based approach assumes that if there is a problem in the system, it would be visible in some of its effects.
9. In an asset-based approach, risk is looked upon as a threat to an asset, and the remedial measures are incorporated in the business processes of the organization.
10. A process-based approach puts fewer responsibilities on governance, risk and compliance (GRC) auditors.
11. The four-step, process-based approach to GRC starts with identifying the products/services delivered by an organization and ends with mapping the controls to each risk identified.

Jegousse Article

12. The author proposed a risk-based approach to IT systems based on classes of risk (referred to as risk factors). The value of the risk factors relates to a situation that has a combined probability and impact value, which can be expressed as a monetary value or in a qualitative manner.
13. When designing a risk-based approach, it is important not to underestimate the effort required in performing an accurate inventory of automated systems’ functions or situations that are linked to high-risk factors. This inventory is the backbone of the risk-based procedure, and its accuracy and simplicity will enable an effective process.

Kapur Article

14. When mapping a corporate balanced scorecard (BSC) to an IT BSC, vision and strategy are aligned with the future orientation of IT, while the financial perspective is mapped to business alignment.
15. In carrying out a risk assessment, take into account the probability of occurrence, business impact (of the occurrence of vulnerability) and prioritization—with a single focus on information security and compliance issues.
16. The critical success factors (CSFs) for technology risk management through the use of BSC include, among others, the identification of the drivers of the change and their respective responsibilities and establishing a road map for change along with milestones.
