cobit - 188 questions

7/18/2019 COBIT - 188 Questions

http://slidepdf.com/reader/full/cobit-188-questions 1/64

QUESTION NO: 1

Which is likely to suffer the most should the enterprise outsource its IT function?

A Str!te"ic !li"nment

# $!lue deli%ery

& 'isk m!n!"ement

( )erform!nce me!surement

Ans*er: A

E+pl!n!tion,'eference:

Outsourcin" !"reements !re unlikely to fully !nticip!te ch!n"es in -usiness str!te"y !s outsource

o-li"!tions !re fi+ed in contr!ctu!l l!n"u!"e

QUESTION NO: .The most import!nt !spect of !ccount!-ility for IT is?

A &ompens!tion pl!n

# )erform!nce me!surement

& &ontrol processes

( IT -!l!nced scorec!rd

Ans*er: &


http:,,***micropollcom,!kir!,mpresult,/01./2.3/045

QUESTION NO: 6

Wh!t *ould typic!lly -e the "re!test IT "o%ern!nce concern?

A 7!n!"ement of soft*!re licenses

# Effecti%e st!ff recruitment8 retention 9 tr!inin" pro"r!m

& #!nd*idth reser%!tion

( Thorou"h !nd cost effecti%e dis!ster reco%ery pl!nnin"

Ans*er: #


St!ff retention is ! persistent reuirement needed to ensure !%!il!-ility of the resources needed to

e+ecute str!te"y !nd deli%ery %!lue ;!ilure to ret!in st!ff *ill ne"!ti%ely imp!ct perform!nce

http://www.micropoll.com/akira/mpresult/671426-206759





QUESTION NO:

Wh!t is the !ppropri!te course of !ction for IT m!n!"ement to undert!ke?

A Implement the !ddition!l systems !nd processes reuired -y the prospect<s st!nd!rds !nd

!rchitecture

# =!lt the st!nd!rdi>!tion effort until A<s !rchitecture !nd st!nd!rds c!n -e m!de compli!nt *ith

the prospect<s !rchitecture !nd st!nd!rds

(el!yin" implement!tion of str!te"y should ne%er -e ! first !ltern!ti%e

& Ad%ise !"!inst !cceptin" the prospect<s -usiness !s its st!nd!rds !re inconsistent *ith those of

&omp!ny A

( &onsult *ith the #o!rd<s IT str!te"y committee re"!rdin" ! ch!n"e in -usiness str!te"y

Ans*er: (


Where there !re su-st!nti!l -!rriers to implementin" str!te"y8 it is ne%er in!ppropri!te to consult*ith the #o!rd

QUESTION NO: 4

In the !-o%e scen!rio8 &omp!ny A<s Sr $) of S!les e+ecuted ! contr!ct *ith the prospect th!t

includes si"nific!nt pen!lties for nonperform!nce

Wh!t is the !ppropri!te !ction for IT m!n!"ement to undert!ke?

A Implement the !ddition!l systems !nd processes reuired -y the prospect<s st!nd!rds !nd!rchitecture

# =!lt the st!nd!rdi>!tion effort until A<s !rchitecture !nd st!nd!rds c!n -e m!de compli!nt *ith

the prospect<s !rchitecture !nd st!nd!rds

& Seek to outsource ser%icin" the incomp!ti-le !spects of the prospect<s -usiness

( Ad%ise for settlement of contr!ct terms !s soon !s possi-le

Ans*er: &


This is undou-tedly the most cost effecti%e *!y of meetin" customer reuirements *ith

minimum ne"!ti%e imp!ct on the IT Str!te"y of system !nd process st!nd!rdi>!tion

QUESTION NO: /

In the !-o%e scen!rio8 do the Sr $)<s !ctions represent ! f!ilure of IT "o%ern!nce?

A No8 o%ern!nce of IT should not constr!in the !cti%ities of the S!les or"!ni>!tion



# @es8 the IT str!te"y *!s incompletely h!rmoni>ed *ith the -usiness str!te"y

& @es8 IT should first re%ie* !ll IT reuirements -efore the S!les or"!ni>!tion m!kes

commitments

( No8 IT must -e !-le to !d!pt to ch!n"in" -usiness reuirements

Ans*er: (


IT f!iled in the e+ecution of str!te"y -y definin" st!nd!rds too n!rro*ly !nd not !nticip!tin"

such customer reuests

QUESTION NO: 0

Who -e!rs prim!ry responsi-ility should the IT st!nd!rdi>!tion initi!ti%e f!il to deli%er the

e+pected efficiencies in the &omp!ny A<s -usiness processes:

A &EO

# &IO

& #usiness )rocess O*ner

( #usiness E+ecuti%e

Ans*er: #

E+pl!n!tion,'eference

The &IO is the princip!l m!n!"er or IT resources It is the responsi-ility of the &IO to ensure

th!t -usiness reuirements !re !ppropri!tely reco"ni>ed !nd !ddressed

QUESTION NO: B

Should &omp!ny A f!il to h!%e ! fr!me*ork for IT "o%ern!nce8 *h!t is most likely to suffer?

A &ompli!nce *ith re"ul!tion !nd -usiness m!nd!tes

# Success of its <lo* cost ser%ice pro%ider< str!te"y

& Security of customer d!t!

( The oper!tion!l efficiency of the IT or"!ni>!tion

Ans*er: #

QUESTION NO: 5

Which findin" *ould most likely moti%!te the &omp!nyCs !doption of ! distinct IT "o%ern!nce

pro"r!m



A There is si"nific!nt unreco"ni>ed !nd un!ddressed risk in the &omp!ny ph!rm!cy unitCs

h!ndlin" of customer he!lth inform!tion

# The &omp!ny spends more on IT !s ! percent!"e of profit th!n the "rocery industry !s !

*hole

& The &omp!nyCs m!n!"ement e+pense !s ! percent!"e of profit th!n the "rocery industry

!s ! *hole

( The comp!ny h!s e+perienced multiple ye!r to ye!r incre!ses in the percent of re%enue

loss due to spoil!"e or other*ise un2sell!-le in%entory

E The &omp!nyCs lon" time D14 ye!rsF &IO *ill soon retire

Ans*er: (


The comp!ny h!s e+perienced multiple ye!r to ye!r incre!ses in the percent of re%enue loss due

to spoil!"e or other*ise un2sell!-le in%entory

QUESTION NO: 13

Wh!t is the most !ppropri!te me!sure for the #o!rd to use to tr!ck the %!lue of the &omp!ny<s IT

o%ern!nce pro"r!m?

A &omp!ny stock price

# Store employee producti%ity

& Unit s!les !nd in%entory cost

( )rofit m!r"in

Ans*er: &


A "o%ern!nce pro"r!m moti%!ted in p!rt -y in%entory m!n!"ement issues should -e t!kin" those

costs

QUESTION NO: 11

Store oper!tions depend on IT2st!ff m!int!ined soft*!re th!t *!s de%eloped in house t*enty

ye!rs !"o Wh!t is the most compellin" !r"ument re"!rdin" moderni>!tion?

A No ch!n"e is needed8 the current system is Gtried !nd trueC

# Systems need to -e repl!ced due to difficulty in findin" e+perienced ') !nd &O#OH

pro"r!mmers to m!int!in them

& Systems need to -e repl!ced !s the use of the older systems del!ys introducin" ne*

products !nd ser%ices

( Security of the older systems is GsuspectC



Ans*er: &


Such system in!deu!cies *ould h!%e m!or fin!nci!l imp!ct D#usiness 9 !li"nment responseF

QUESTION NO: 1.

The &omp!ny h!s !cuired the !ssets of ! 133 store ch!in liuid!ted thru -!nkruptcy The

!cuired ch!inCs computer systems !re %endor propriet!ry8 le!din" ed"e systems Wh!t should

the &omp!ny do *ith these systems?

A &ontinue to oper!te them !nd contr!ct *ith the %endorCs profession!l ser%ices to inte"r!te

these systems *ith the &omp!nyCs fin!nci!l !nd lo"istic systems

# 'epl!ce these ne* systems *ith the &omp!nyCs st!nd!rd store system

& Implement ! str!te"y *here-y the system in the !cuired stores is the -!sis for ! ne*&omp!ny st!nd!rd store system

( 7!int!in ! sep!r!te IT or"!ni>!tion until the stores !re re2-r!nded !nd )9H reportin" is

inte"r!ted

Ans*er: #


&omp!ny focus on cost control emph!si>es st!nd!rdi>!tion

QUESTION NO: 16(espite the &;OCs certific!tion of compli!nce *ith the -!nkc!rd industryCs security st!nd!rds

D)&I (SSF8 the &omp!ny e+perienced ! si"nific!nt security -re!ch th!t e+posed c!rd inform!tion

of more th!n 17 customers Wh!t ch!n"es should -e m!de in the &omp!ny<s risk m!n!"ement

pro"r!m

A 7!nd!te !n incre!sed le%el of security monitorin"

# )ro%ide !ddition!l security tr!inin" for de%eloper !nd system !dmin st!ff

& Outsource the m!n!"ement of the &omp!ny<s net*ork security

( Add G>ero -re!chC "o!l to the &EOCs m!n!"ement t!r"ets

E Add G>ero -re!chC "o!l to the &IOCs m!n!"ement t!r"ets

Ans*er: (


Account!-ility for inform!tion security is suspect due to certific!tion si"noff -y the &;O Assi"n

!ccount!-ility to &EO8 "i%en the &IOCs suspect p!rticip!tion



QUESTION NO: 1

The IT dep!rtment h!s de%eloped much of the &omp!nyCs intellectu!l property Dtools 9

propriet!ry methodsF Wh!t is the !ppropri!te !ccount!-ility? J;r!me*orkK

A 7!n!"ement of )rofession!l Ser%ices for the utili>!tion of ne* tools 9 methods in client

en"!"ements

# The &IO for tr!inin" of profession!l ser%ices st!ff in the use of ne* tools 9 methods

& The &IO for ! positi%e imp!ct on profits from !ny ne*ly de%eloped tools or methods

( 7!n!"ement of )rofession!l Ser%ices for the selection of ne* tools 9 methods to -e

included in the )ortfolio

Ans*er: &


IT %!lue is determined -y the %!lue to deli%ers to the #usiness IT must !ct to remo%e -!rrier tothe deli%ery of -usiness %!lue If such -!rriers c!nnot -e remo%ed then IT should -e fore"oin"

de%elopment of the su-ect tool

QUESTION NO: 14

Wh!t should IT 7!n!"ement -e doin" in response to ne* #!nk re"ul!tion re"!rdin" inform!tion

security? J;r!me*orkK

A 7onitor8 e%!lu!te !nd identify ne* m!rket opportunities th!t *ill follo* promul"!tion of

the ne* re"ul!tion# (etermine the !deu!cy of the )ortfolio to respond to the reuirements of the ne*

re"ul!tion

& (o nothin" until 7!n!"ement of )rofession!l Ser%ices reports ! &lient reuirement for

ne* security ser%ices

( Ensure st!ff !ttend!nce !t !n industry conference focused on the ne* re"ul!tion

Ans*er: #


IT is -est positioned to underst!nd limits to c!p!-ilities of the portfolio IT h!s o-li"!tion to

Ginform the -usinessC should the )ortfolio -e found *!ntin"

QUESTION NO: 1/

The &omp!ny h!s determined to Gproducti>eC !nd sell some tools currently used -y the

&omp!ny<s profession!l ser%ices st!ff Wh!t must IT do to support this str!te"y? JAli"nmentK



A 'e*rite tools to reduce dependence &omp!ny infr!structure

# )l!n for incre!se in si>e of the =elp (esk support st!ff

& (etermine technic!l procedures reuired to protect products from pir!cy !nd unlicensed

use

( =ire ! consult!nt to determine reuirements of the !nticip!ted 6rd p!rty customers

Ans*er: (


While the de%elopment of product str!te"y is not !n IT function8 IT must pro%ide input re"!rdin"

its c!p!-ility to respond to !nticip!ted reuirements

QUESTION NO: 10

The &omp!ny is considerin" con%ertin" most of its s!l!ried consult!nts to Gindependent

contr!ctorC st!tus Wh!t is the m!or IT ch!llen"e !ssoci!ted *ith such ! mo%e? J'esource7!n!"ement , Ali"nmentK

A A lo*er St!ff commitment to report upon deficiencies in current )ortfolio

# Incre!sed user support reuirements due to St!ff turno%er

& Need for incre!sed tool !utom!tion due to lo*er e+perience !nd sophistic!tion le%el of

st!ff

( )rotection of I) especi!lly monitorin" for un!uthori>ed use of tools

Ans*er: &

E+pl!n!tion,'eference:re!ter st!ff turno%er me!ns th!t *ithout ! reduction in the le!rnin" cur%e of the use of

&omp!ny products8 ser%ice u!lity *ill suffer One method to shorten le!rnin" cur%e is to lessen

the le%el of kno*led"e reuired to use the tools *ith incre!sed le%el of tool !utom!tion

QUESTION NO: 1B

The #o!rd -elie%es th!t the &omp!ny is !n !cuisition t!r"et -y ! l!r"e m!nuf!cturer of

computer systems !nd discretely seeks !n !ttr!cti%e offer Wh!t should IT m!n!"ement

recommend to m!+imi>e %!lue to the potenti!l -uyers? JAli"nmentK

A 'educe )ortfolio<s dependence on &omp!ny infr!structure

# (el!y st!rtin" !ny ne* initi!ti%es

& 'educe IT st!ff he!dcount

( 'e2prioriti>e str!te"ic pl!ns to focus on initi!ti%es th!t c!n -e completed in the ne!r term

Ans*er: A




Incre!ses opportunity for reuse -y the !cuirin" comp!ny *hile minimi>in" risk to current

oper!tions8 7!y other*ise m!ke for more efficient IT oper!tions

QUESTION NO: 15

The IT infr!structure is currently un!-le to support ne* *!ys of communic!tin" *ith clients

such !s S7S or Gt*itterC Wh!t is the -est *!y for IT to !cuire such communic!tions

c!p!-ility?

A Sho* ho* the ne* infr!structure supports ! str!te"ic -usiness "o!l

# &ontr!ct *ith IS) or other ser%ice pro%ide for the c!p!-ility

& Implement risk -!sed controls th!t ensure !ppropri!te use of such protocols

( Assi"n !ppropri!te t!sk responsi-ilities to the &TO

Ans*er: A


Acti%ities in support of str!te"ic "o!ls *ill !l*!ys -e "i%en priority

QUESTION NO: .3

#rokers !re compl!inin" th!t the ni"htly . hour m!inten!nce *indo* diminishes their

opportunity to enter !nd complete tr!ns!ctions for intern!tion!l clients Wh!t is the -est *!y to

impro%e system !%!il!-ility?

A Up"r!de h!rd*!re !nd reduce m!inten!nce !cti%ities

# Se"ment resources ser%in" intern!tion!l clients !nd perform m!inten!nce on ! different

schedule

& Add system !dministr!tion st!ff to shorten m!inten!nce *indo*

( Up"r!de tr!ns!ction processin" systems

Ans*er: (


7odern tr!ns!ction processin" systems should support 0L. processin" !llo*in" for

m!inten!nce !cti%ities such !s -!ckup8 routine soft*!re fi+es , fe!ture !dditions !nd p!tch

inst!ll!tion to occur in re!l time

QUESTION NO: .1



'et!il customers !re compl!inin" th!t the &omp!ny does not support online tr!din" The ret!il

unit does not h!%e e+pertise in2house to de%elop !nd m!int!in ! secure online tr!din" system

Wh!t is the -est *!y for it to !cuire th!t e+pertise?

A Sh!re !pplic!tion components used -y institution!l customers for online tr!din"

# &ontr!ct for ser%ices from !n e+istin" online -roker!"e

& =ire ne* st!ff *ith the reuisite skills

( Tr!inin" e+istin" de%elopment st!ff in reuired protocols !nd tools

Ans*er: #


Where there is no competiti%e or str!te"ic !d%!nt!"es8 it s "ener!lly -etter to -uy %s -uild

#uyin" ser%ices r!ther th!n o*nin" soft*!re is likely to h!%e ! lo*er T&O D!t le!st durin"

tr!nsition periodF

QUESTION NO: ..

(ue to cost pressures -rou"ht !-out -y ne* re"ul!tion8 the &omp!ny seeks to reloc!te !ll d!t!

processin" to ! &omp!ny oper!ted off2shore f!cility Wh!t is the m!or concern *ith this t!ctic?

A Addition!l resource reuirements for compli!nce monitorin" m!y not -e reco"ni>ed

# Security

& (isruption !nd errors introduced durin" mi"r!tion

( E+pected cost s!%in"s m!y not -e re!li>ed

Ans*er: A


Since the re2loc!tion is intended to !%oid cost due re"ul!tion8 it is necess!ry to implement

controls to ensure th!t the &omp!ny is compli!nt *ith those re"ul!tions

QUESTION NO: .6

The &omp!ny is e+periencin" freuent disruptions in system oper!tions

Wh!t is the -est *!y to !ddress this pro-lem?

A Stren"then perimeter security *ith ne+t "ener!tion fire*!lls !nd intrusion detection

# Acceler!te ser%er m!inten!nce !nd repl!cement

& Add more c!p!-ility to monitor the st!te of system !nd net*ork resources

( 'esi>e ser%ers8 routers8 disk !rr!ys !nd other components



Ans*er: &


'esi>e ser%ers8 routers8 disk !rr!ys !nd other components

QUESTION NO: .

To support the moderni>!tion effort8 the &IO !nticip!tes th!t &omp!ny Gmess!"in"C c!p!-ilities

*ill h!%e to -e up"r!ded to include some kind of Gcoll!-or!tion en"ineC such !s Sh!repoint or

Hotus (omino Wh!t is the -est *!y to proceed?

A Immedi!tely include the ne* infr!structure in the IT !rchitecture !nd the fund the

component out of the moderni>!tion -ud"et

# W!it until the need for the ne* component is !pp!rent in ! critic!l *orkflo* !nd then

include !cuisition !nd implement!tion of th!t component !s p!rt of the proect to !utom!te th!t

critic!l *orkflo*& &ollect Gcoll!-or!tionC reuirements from !ll current proect te!ms Implement common

component if it is cost effecti%e solution to the collecti%e coll!-or!tion reuirement

( (e%elop !n infr!structure up"r!de str!te"y to support the moderni>!tion pro"r!m8 the

costs of *hich !re !ssi"ned to ITCs c!pit!l -ud"et

Ans*er: &


Ensures the %!lue of the coll!-or!tion en"ine *ill -e !ppropri!tely !ssessed !nd th!t in%estment

decision m!de on th!t -!sis Infr!structure components deri%e their %!lue for th!t of the

!pplic!tion th!t they support

QUESTION NO: .4

Ne* re"ul!tion m!nd!tes th!t the &omp!ny support d!t! e+ch!n"e procedures for *hich the

&omp!ny !nticip!tes si"nific!nt cost -ut little8 if !ny8 fin!nci!l -enefit in the ne+t fi%e ye!rs

Wh!t is the -est !ppro!ch to m!n!"in" this in%estment?

A Implement the !pplic!tions th!t *ill le%er!"e the ne* procedures so !s to produce

-usiness %!lue

# Initi!te ! proect to implement the e+ch!n"e c!p!-ility -ut !ssi"n it minimum resources

& Include support for the e+ch!n"e c!p!-ility in the portfolio of moderni>!tion proects

( (el!y implement!tion of the c!p!-ility for !s lon" ! possi-le

Ans*er: &




$!lue m!n!"ement M "o%ern!nce response Address the support reuirements in the conte+t of the

portfolio of &omp!ny in%estments

QUESTION NO: ./

'ecently8 ! Gne%er e%entC resultin" in the de!th of ! p!tient occurred !t the hospit!l &urrent

industry st!nd!rds dict!te th!t such !n e%ent should Gne%erC occur !t ! *ell m!n!"ed hospit!l

The hospit!l could implement ! %ery e+pensi%e !pplic!tion control to pre%ent ! re2occurrence8

-ut the cost *ould h!%e to -e p!id out of the moderni>!tion -ud"et Wh!t is the most !ppropri!te

!ction?

A Immedi!tely implement the ne* !pplic!tion control !s p!rt of the moderni>!tion -ud"et

# (el!y implement!tion of the control until !nother cost center for the control is found

& Incre!se the priority of proects th!t *ould !utom!te the suspect processes identified -ythe root c!use !n!lysis of the e%ent

( (o nothin" !nd !ccept the risk of such e%ents "i%en their %ery lo* freuency !nd hi"h

miti"!tion cost

Ans*er: &


)riority is in the conte+t of portfolio m!n!"ement '&A *ill identify process f!ilures th!t c!n -e

!%oided throu"h !utom!tion

QUESTION NO: .0

The comp!ny h!s not yet o-t!ined e+pected -enefits from the moderni>!tion pro"r!m Wh!t is

-est course of !ction?

A Ad%ise p!tience !s tot!l return should incre!se *ith time

# Incre!se the hurdle r!te for the hi"her risk in%estments

& (el!y closin" proects until demonstr!tion of %!lue deli%ery

( Incre!se the moderni>!tion -ud"et

Ans*er: &


H!ck of receipt of %!lue indic!tes ! pro-lem in %!lue pl!nnin" or e+ecution This response

ensures proect m!n!"ement until !ll c!p!-ilities reuired to recei%e -usiness %!lue !re in pl!ce

QUESTION NO: .B



The proect to implement ! hi"hly %isi-le medic!l support !pplic!tion is .4 complete -ut h!s

consumed 43 of its -ud"et Wh!t is the most !ppropri!te course of !ction?

A Incre!se the proect -ud"et !s the !pplic!tion directly rel!tes to &omp!ny mission

# Incre!se the !ssumed le%el of proect risk !nd re2e%!lu!te the in%estment decision

& Shel%e the proect in f!%or of those *ith "re!ter likelihood of implement!tion success

( (e%elop ! pl!n to complete the proect *ith the rem!inin" -ud"et

Ans*er: #


$!lue m!n!"ement response M ensures consider!tion of risk !nd %!lue in conte+t of portfolio of

in%estments

QUESTION NO: .5An A"ency "o!l is to more e!sily inte"r!te inform!tion collected !t different times !nd -y

different source s *ithin the A"ency Which of the follo*in" me!sures *ould -est indic!te ITCs

pro"ress to*!rd this "o!l?

A Num-er of systems compli!nt *ith A"ency met!d!t! st!nd!rds

# Time reuired to complete inform!tion reuest

& Num-er of !n!lyst tools !%!il!-le for use in consolid!tin" d!t!

( Time to complete compl!int , filin"

Ans*er: (E+pl!n!tion,'eference:

This *ould -e ! -usiness conseuence of "o!l s!tisf!ction

QUESTION NO: 63

The A"ency continues to re"ul!rly e+perience incomplete d!t! sh!rin" despite impro%ement in

perform!nce metrics Which of the follo*in" is most likely to -e the re!son for this?

A St!ff !re ine+perienced in the use of ne* systems

# Inform!tion !rchitecture is incomplete

& St!ff !re moti%!ted to keep control o%er inform!tion th!t they collect

( &ollected perform!nce metrics me!sure efficiency r!ther th!n effecti%eness

Ans*er: (




Inconsistency -et*een metrics !nd Gre!lityC implies ! deficiency in the metrics The reported

metric reports time *,o control for Gu!lityC

QUESTION NO: 61

The A"ency is concerned th!t m!ny of its IT systems !re G!ntiu!tedC Which -!l!nced scorec!rd

me!sure indic!tes re!diness for !n IT moderni>!tion pro"r!m?

A of ser%ice contr!cts meetin" SHA *,o dispute

# of !"ency -usiness processes identified in EA

& of IT st!ff W, certified skills !nd system kno*led"e

( of users s!tisfied *ith help desk support

Ans*er: #

E+pl!n!tion,'eference:'eco"nition of A"ency -usiness processes !nd their rel!tionship is essenti!l to moderni>!tion of

IT

QUESTION NO: 6.

The A"ency is ! freuent cy-er2*!rf!re t!r"et Wh!t me!sure -est indic!tes the effecti%eness of

ITCs security risk m!n!"ement?

A compli!nce *ith feder!l inform!tion processin" st!nd!rds D;I)SF

# of reported security incidents& of incidents rel!tin" to un2!nticip!ted thre!ts

( of systems current on !ll %endor p!tches

Ans*er: &


'eflects the thorou"hness of the A"encyCs risk !ssessments8 DHo* num-er is -etterF

QUESTION NO: 66

To ensure A"ency fle+i-ility *hen m!kin" *ork !ssi"nments8 !ll rele%!nt inform!tion !nd IT

must -e !ccessi-le !nd tr!nsfer!-le to !ny employee in !ny office Wh!t me!sures s!tisf!ction of

this "o!l?

A Of incidents *here employee un!-le to reco%er critic!l d!t! *ithin one *ork d!y

# A%er!"e time to pro%ision !n GA"ency st!nd!rdC *orkst!tion

& 7inimum ser%ice le%el of field office WAN connection



( A%er!"e user r!tin" of s!tisf!ction *ith IT ser%ices

Ans*er: A


#usiness outcome most closely rel!ted to the "o!l

QUESTION NO: 6

=o* is the risk of ! -re!ch of electronic!lly m!int!ined client confidenti!l inform!tion -est

m!n!"ed?

A #y the ser%ice pro%ider s independently %!lid!ted compli!nce *ith the ;irmCs security

st!nd!rds

# Ser%ice !"reement reuirin" th!t the Outsource indemnify the ;irm for !ll losses

!ssoci!ted *ith ! -re!ch of security& Encryption of !ll d!t! m!int!ined !t the d!t! center

( Throu"h re"ul!r !udits of d!t! center oper!tions conducted -y the ;irmCs risk officer

Ans*er: (


The only !ltern!ti%e th!t pro%ides fle+i-ility sufficient to respond to ! ch!n"in" risk

en%ironment

QUESTION NO: 64Indi%idu!l &ourts !nd 'e"ul!tors h!%e distinct reuirements *ith respect to the security of

electronic filin"s

Wh!t !ppro!ch should the ;irm t!ke to ensure th!t its Attorneys h!%e the c!p!-ility to su-mit

electronic filin"s *here e%er such !re !llo*ed?

A )ro%ision ! suite of security ser%ices to -e used !s determined -y indi%idu!l Attorneys

# Implement ! "lo-!l security st!nd!rd th!t encomp!sses the security reuirements of !ll

urisdictions

& Allo* offices in different urisdictions to independently implement the !ppropri!te

security procedures !s reuired -y the rele%!nt &ourts !nd A"encies

( Support *ith ! "lo-!l st!nd!rd the most common security reuirements defer electronic

flin"s in urisdictions not supported -y th!t st!nd!rd

Ans*er: A




7ost cost effecti%e !ltern!ti%e Allo*s the ;irm to ensure the technic!l competence of the

security implement!tion8 *hile meetin" urisdiction!l reuirements

QUESTION NO: 6/

One of the ;irmCs offices h!s e+perienced ! successful intrusion into its net*ork -y h!ckers8 -ut

due to poor incident response is un!-le to determine *h!t inform!tion m!y h!%e -een !ccessed

or modified Wh!t !ction should immedi!tely -e t!ken?

A Notify &lients of th!t office th!t there m!y h!%e -een ! -re!ch of )ri%ile"ed

communic!tion

# Isol!te the office net*ork from the &orpor!te WAN

& Notify ;irm AttorneyCs th!t there h!s -een ! h!ck !nd therefore re%ie* !ny recently

prep!red documents or une+pected ch!n"es

( =!%e e+tern!l !uditors conduct ! forensic !n!lysis to determine the method !nd scope ofthe intrusion

Ans*er: #


&ont!inment of si"nific!nt -ut poorly understood risk is !ppropri!te

QUESTION NO: 60

;irm Attorneys re"ul!rly include client confidenti!l inform!tion in unencrypted Internet em!il

&!nnons of !ttorney ethics do not reuire Attorneys to encrypt em!il or notify clients th!t they!re usin" insecure em!il Wh!t is the ;irmCs -est course of !ction?

A Adopt !n enterprise em!il encryption solution th!t is only p!rti!lly effecti%e -ut e!sy to

implement

# Inform clients of the pr!ctice -ut !"ree to !ny client reuest not to use such insecure

communic!tion ch!nnels

& &onfirm th!t ;irm m!lpr!ctice polices include losses due to unintended -re!ches of

pri%ile"ed communic!tion

( Inform clients of the pr!ctice !nd !"ree not to use such insecure communic!tion ch!nnels

unless the &lient !ccepts the risk of ! confidenti!lity -re!ch

Ans*er: A


)re%ention of rel!ti%ely lo* risk e%ent s is undou-tedly more cost effecti%e th!n other risk

tre!tment D!%oid!nce or tr!nsferF



QUESTION NO: 6B

The ;irm is considerin" deployin" ! &lient port!l throu"h *hich clients c!n su-mit reuired

documents8 pre%ie* filin"s reuirin" si"n!ture8 re%ie* -illin" records8 !nd securely

communic!te *ith Attorneys !nd other st!ff Wh!t inform!tion is the most import!nt to collect

*hen e%!lu!tin" the risk !ssoci!ted *ith the port!l?

A Hikelihood of intrusion !ttempts

# He%el of client use

& Imp!ct on Attorney producti%ity

( &ost of !ppropri!te security

Ans*er: A

QUESTION NO: 65

&O#IT presents the o%ern!nce &u-e The three m!in !re!s of this cu-e !re IT )rocesses8 IT

'esources !nd?

A &riteri!

# Audit!-le

& )eople

( ;in!nci!l

E Qu!lity

Ans*er:

QUESTION NO: 3

&O#IT processes !re "rouped into dom!ins of of *hich is 7onitorin" !nd?

A Audit

# )rudence

& &orrection

( Support

Ans*er:

QUESTION NO: 1

In &O#IT8 IT 'esources !re )eople8 Applic!tion Systems8 (!t!8 Technic!l Infr!structure !nd?



A #ud"ets

# ;!cilities

& Efficiency

( Security

Ans*er:

QUESTION NO: .

Inform!tion &riteri! is Effecti%eness8 Efficiency8 &onfidenti!lity8 Inte"rity8 A%!il!-ility8

&ompli!nce !nd?

A 'eli!-ility

# 'euse& Accur!cy

( Accessi-ility

Ans*er:

QUESTION NO: 6

&O#IT st!nds for &ontrol O-ecti%es for Inform!tion !nd 'el!ted?

A Tools# Terminolo"y

& Terms

( Technolo"y

Ans*er:

QUESTION NO:

&O#IT m!kes use of the (emin" &ycle This is m!ke up of )l!n8 (o8 &heck?

A Think

# 'e%ie*

& Act

( Assess

Ans*er:



QUESTION NO: 4

An IT &ontrol O-ecti%e is defined !s control procedures in ! p!rticul!r IT?

A Acti%ity

# Te!m

& Or"!ni>!tion

( 'e%ie*

Ans*er:

QUESTION NO: /

&O#IT Security 'euirements !re defined !s &onfidenti!lity8 Inte"rity !nd?

A Appropri!teness

# A%!il!-ility

& 'o-ustness

( Secrecy

Ans*er:

QUESTION NO: 0In *hich of the &O#IT m!n!"ement dom!ins does 7!n!"e third2p!rty suppliers f!ll?

A (eli%ery

# 7onitorin"

& )l!nnin"

( Acuisition

Ans*er:

QUESTION NO: B

ITIH directly m!ps,inte"r!tes *ith &O#IT

A True

# ;!lse

& Sometimes



( (epends

Ans*er:

QUESTION NO: 5

When IT is !li"ned *ith the enterprise<s st!ted o-ecti%es8 it pro%ides se%er!l -enefits Which one

of the follo*in" IS NOT one of them?

A &ompli!nce *ith re"ul!tory reuirements

# En!-lin" of cost2effecti%e !dministr!tion !nd m!n!"ement

& $!lue !ddition to -usiness products !nd ser%ices

( Optim!l use of resources

Ans*er:

QUESTION NO: 43

Select the correct st!tement

A P)Is !re le!d indic!tors

# P)Is !re l!" indic!tors

& P)Is !nd PIs !re synonymous

( PIs !re le!d indic!tors

Ans*er:

QUESTION NO: 41

E!sy &redit &!rds Inc in the US pl!ns to set up ! tr!ns!ction center in the )hilippines Which

one of the follo*in" *ould -e the -est !ppro!ch for resource optimi>!tion?

A Employin" che!per resources

# 'educin" cost *hile deli%erin" -etter ser%ice

& )ro%idin" f!ster !nd more reli!-le ser%ice

( )l!nnin" for dis!ster reco%ery in the e%ent of ! dis!ster

Ans*er:

QUESTION NO: 4.



#!l!ncin" %!lue !nd cost:

A All !ns*ers !pply

# Achie%in" re"ul!tory compli!nce

& 7!n!"in" comple+ity

Ans*er:

QUESTION NO: 46

Which of the follo*in" st!tements is true?

1 An or"!ni>!tion c!n -e certified !"!inst -oth &O#IT !nd ISO,IE& .3333

.&O#IT !nd ITIH complement e!ch other

A #oth 1 !nd .# . only

& Neither 1 or .

( 1 only

Ans*er:

QUESTION NO: 4

Which of the follo*in" st!tements is true?

1 IT )rocesses !re controlled -y &ontrol O-ecti%es. IT )rocesses !re me!sured -y &ontrol )r!ctices

A Neither 1 or .

# #oth 1 !nd .

& . only

( 1 only

Ans*er:

QUESTION NO: 44

SpinIT is ! sm!ll -ut f!st2"ro*in" record comp!ny th!t *!nts to mo%e to*!rd more intern!l

control !nd "o%ern!nce of IT Wh!t is the -est thin" to do first?

A St!rt *ith !n !udit8 !s defined -y the Assur!nce uide

# St!rt implementin" the 13 processes of the dom!in: )l!n 9 Or"!ni>e



& St!rt implementin" the four processes of the dom!in: 7onitor 9 E%!lu!te

( St!rt usin" &O#IT Quickst!rt

Ans*er:

QUESTION NO: 4/

(escri-e ho* &O#IT defines resources in !n IT en%ironment

A Technolo"y8 Applic!tions8 Soft*!re8 Net*orks

# Applic!tions8 Inform!tion8 Infr!structure8 )eople

& Technolo"y8 Inform!tion8 Infr!structure8 Net*orks

( Applic!tions8 Infr!structure8 Net*orks8 )eople

Ans*er:

QUESTION NO: 40

Which of the follo*in" is not ! process defined -y &O#IT?

A 7onitor 9 E%!lu!te

# Acuire 9 Inte"r!te

& (eli%ers 9 Support

( )l!n 9 Or"!ni>e

Ans*er:

QUESTION NO: 4B

&O#IT is !n !cronym th!t st!nds for:

A &ontrol O-ecti%es for Inform!tion !nd rel!ted Technolo"y

# &le!r O-ecti%es #efore Inte"r!tin" Technolo"y

& &ross Or"!ni>!tion!l #usiness Inform!tion Technolo"y

( &ontrol !nd O-ser%e Inform!tion Technolo"y

Ans*er:

QUESTION NO: 45

Security is:



A Not mentioned -y &O#IT

# An IT ch!llen"e

& An IT resource

( An inform!tion criteri!

Ans*er:

QUESTION NO: /3

Or"!ni>!tions find it con%enient to use &O#IT -ec!use:

A &O#IT is positioned centr!lly !t the det!iled le%el

# It rel!tes to other fr!me*orks D&OSO8 &778 !nd so onF

& Implementin" &O#IT m!kes ITIH o-solete( All options !re correct

Ans*er:

QUESTION NO: /1

Which one of the follo*in" should not -e included in the &O#IT &u-e?

A IT )rocesses

# IT &!p!-ilities& IT 'esources

( Inform!tion &riteri!

Ans*er:

QUESTION NO: /.

Which one of the follo*in" ISA&A pu-lic!tions is focused on )OS8 7!n!"e the IT

In%estment?

A $AH IT

# &O#IT Implement!tion uide

& &O#IT Quickst!rt

( 'isk IT

Ans*er:



QUESTION NO: /6

=o* lon" is the offici!l &O#IT e2le!rnin" ;ound!tion course?

A hours

# B hours

& 1 hours

( . hours

Ans*er:

QUESTION NO: /

Which of the follo*in" is not !n IT resource8 !s defined -y &O#IT?

A )eople

# Infr!structure

& Technolo"y

( Inform!tion

Ans*er:

QUESTION NO: /4In *hich &O#IT dom!in *ould you e+pect to find inform!tion on Ensurin" re"ul!tory

compli!nce?

A )l!n !nd Or"!ni>e

# Acuire !nd Implement

& (eli%er !nd Support

( 7onitor !nd E%!lu!te

Ans*er:

QUESTION NO: //

IOU &omp!ny h!s cross2function!l te!ms th!t deli%er proects l!te (e%elopers !re un!-le to

underst!nd the terms used -y the -usiness m!n!"ers !nd %ice %ers!

=o* does &O#IT help in this situ!tion?



A &O#IT m!n!"es comple+ity -y introducin" the )O processes

# &O#IT defines ! model for efficient cross2function!l coordin!tion

& &O#IT helps -etter communic!te usin" ! common l!n"u!"e

( &O#IT introduces intern!l controls 9 processes to pro%ide !ssur!nce

Ans*er:

QUESTION NO: /0

All potenti!l users c!n -enefit from &O#IT content !s !n o%er!ll !ppro!ch to m!n!"in" !nd

"o%ernin" IT8 to"ether *ith more det!iled st!nd!rds8 such !s:

A &77 for solution deli%ery

# ISO,IE& .033. for inform!tion security& ITIH for ser%ice deli%ery

( All !ns*ers !re correct

Ans*er:

QUESTION NO: /B

)redefined me!sures th!t determine ho* *ell !n IT process en!-les the !chie%ement of "o!ls !re

c!lled:

A &ritic!l Success ;!ctors D&S;sF

# Pey o!l Indic!tors DPIF, Outcome 7e!sures

& Pey )erform!nce Indic!tors DP)IsF

( )erform!nce Indic!tors

E 7ission O-ecti%e 7e!surement D7O7F

Ans*er:

QUESTION NO: /5

Wh!t is dri%in" the need for IT o%ern!nce?

A All !ns*ers !pply

# #!l!ncin" %!lue !nd cost

& 7!n!"in" comple+ity

( Achie%in" re"ul!tory compli!nce



Ans*er:

QUESTION NO: 03

Which of these st!tements is true?

1 An offici!l &O#IT E+!m e+ists to test the underst!ndin" of &O#IT !t the ;ound!tion le%el

. Offici!l &O#IT ;ound!tion courses !re reco"ni>ed for &)E credits

A 1 only

# Neither 1 or .

& #oth 1 !nd .

( . only

Ans*er:

QUESTION NO: 01

Inst!llin" controls Dsuch !s fire*!ll securityF th!t pro%ide protection !"!inst risks is c!lled:

A 'isk 7iti"!tion

# (efense2in2(epth

& Security 'esource 7!n!"ement

( 'isk A%oid!nce

Ans*er:

QUESTION NO: 0.

7!tch the follo*in" scen!rio *ith the correct -enefit of IT o%ern!nce: Inform!tion is !%!il!-le

to the !ppropri!te decision m!kers to monitor IT !cti%ities -y usin" !ccur!te perform!nce

me!sures

A &onfidence of the top m!n!"ement

# E!sier Auditin"

& 7ore reli!-le ser%ices

( 7ore tr!nsp!rency

Ans*er:



QUESTION NO: 06

Ensurin" th!t inform!tion !-out !ppropri!te IT functions8 ser%ices8 !nd %!lue deli%ered is

!%!il!-le !t !ll le%els needin" th!t inform!tion is c!lled:

A Inform!tion Sh!rin"

# )ro"r!m Inform!tion 7!n!"ement

& lo-!l &ommunic!tion

( Tr!nsp!rency

Ans*er:

QUESTION NO: 0

A 7!turity 7odel is useful -ec!use it:

A (efines the c!p!-ility t!r"ets to -e !chie%ed

# Tr!ins st!ff to impro%e perform!nce

& O-t!ins certific!tion from !n e+tern!l p!rty

( Identifies critic!l oper!tion!l issues th!t need to -e !ddressed

Ans*er:

QUESTION NO: 04

IOU &omp!ny h!s st!rted to implement &O#IT8 -ut they !re not sure *hether people is !n ITresource:

A No8 &O#IT does not include people !s !n IT resource

# @es8 &O#IT includes people !s !n IT resource

& It depends on *hether the num-er of IT st!ff e+ceeds the comp!ny threshold

( It depends on *hether people !re intern!l8 outsourced8 or contr!cted

Ans*er:

QUESTION NO: 0/

&O#IT is pu-lished -y:

A Intern!tion!l Or"!ni>!tion for St!nd!rdi>!tions DISOF

# IT o%ern!nce Institute DITIF

& )!ul S!r-!nes 9 7ich!el O+ley DSOLF



( United Pin"dom<s Office of o%ernment &ommerce DO&F

Ans*er:

QUESTION NO: 00

=o* m!ny IT processes !re defined -y &O#IT?

A 1

# 6

& 4/

( 5

Ans*er:

QUESTION NO: 0B

Which of the follo*in" is not ! 'A&I term?

A 'esponsi-le

# Account!-le

& Instructed

( &onsulted

Ans*er:

QUESTION NO: 05

Which of the follo*in" should not -e included?

A Account!-le

# Informed

& Notified

( 'esponsi-le

Ans*er:

QUESTION NO: B3

'e!d the follo*in" st!tement !nd select the ri"ht m!turity le%el th!t corresponds to the

st!tement8 )rocesses !re documented !nd communic!ted



A &e!sed

# (efined

& Optimi>ed

( (irected

Ans*er:

QUESTION NO: B1

Which of the follo*in" is not included in the &O#IT &U#E?

A (ri%ers

# 'esources

& )rocesses( Inform!tion &riteri!

Ans*er:

QUESTION NO: B.

In *hich &O#IT dom!in *ould you e+pect to find inform!tion on 7!n!"e third2p!rty

ser%ices?

A )l!n !nd Or"!ni>e# 7onitor !nd E%!lu!te

& Acuire !nd Implement

( (eli%er !nd Support

Ans*er:

QUESTION NO: B6

A method th!t helps !n or"!ni>!tion m!ke ! system!tic !ttempt to impro%e -y me!surin"

proficiency in ! focus !re! is:

A 7!turity 7odels

# #enefit 'e!li>!tion &!pture D#'&F

& 7ission O-ecti%e 7e!surement D7O7F

( Pey )erform!nce Indic!tors DP)IsF



Ans*er:

QUESTION NO: B

Inte"rity is !n inform!tion criterion8 !s defined -y &O#IT8 !nd is concerned *ith:

A )ro%ision of !ppropri!te inform!tion

# )rotection of sensiti%e inform!tion

& S!fe"u!rdin" of necess!ry resources

( Accur!cy !nd completeness of inform!tion

Ans*er:

QUESTION NO: B4Accordin" to &O#IT8 *ho is responsi-le for IT o%ern!nce?

A The &EO

# IT Employees

& The #o!rd of (irectors

( The &IO

Ans*er:

QUESTION NO: B/

Which tool pro%ides the -est indic!tor of str!te"ic !li"nment?

A #!l!nced scorec!rd

# &77 -enchm!rk

& (!sh-o!rds

Ans*er: A


#!l!nced scorec!rds e+plicitly connect -usiness "o!ls *ith IT perform!nce me!sures &77

r!tes the m!turity of process independent of !ny st!tement of -usiness "o!ls IT metrics reflect

the perform!nce of systems *,o !ny st!tement of -usiness "o!ls (!sh-o!rds !re merely !

me!ns to displ!y metrics

QUESTION NO: B0



The &O#IT IT Assur!nce uide *ould -e of prim!ry interest to:

A 7!n!"ement

# Auditors

& Security profession!ls

( ;unction!l m!n!"ers

Ans*er: #


ISA&A of its %!rious pu-lic!tions c!ndid!tes should -e f!mili!r *ith *h!t ISA&A offers to

*hom While m!n!"ers !nd security pros m!y -e interested this doc8 it s prim!ry t!r"et is

persons conductin" !udits

QUESTION NO: BBThe !%er!"e le%el of pro"r!mmin" effort per function point is !:

A P)I

# )rocess PI

& IT PI

Ans*er: A


;unctions points !re me!sure of !pplic!tion comple+ity This me!sure reflects perform!nce !t !n

!cti%ity D!pplic!tion pro"r!mmin"F le%el

QUESTION NO: B5

Schedulin" ch!n"e is !:

A IT o!l

# )rocess o!l

& Acti%ity o!l

Ans*er: #


&h!n"e schedulin" is !n !cti%ity th!t is p!rt of the m!n!"e ch!n"e process Authori>!tion of

!ppropri!tely e%!lu!ted ch!n"es is the )rocess o!l !nd the rel!ted IT o!ls include timely

response to ch!n"in" -usiness



QUESTION NO: 53

Which of the follo*in" le!st descri-es &O#IT?

A Technolo"ic!lly neutr!l

# #usiness oriented

& 7ulti2st!keholder

( )rescripti%e

E All or none

Ans*er: (

E+pl!n!tion,'eference

&O#IT c!n -e implemented piece me!l !nd !ll &O#IT o-ecti%es do not h!%e to -e !chie%ed -y

! sin"le proect #@ definition &O#IT pro%ides ! -usiness orient!tion &O#IT is not dependent

upon or limited to ! specific inform!tion technolo"y &O#IT !ssi"ns roles !nd responsi-ilities !t

multiple le%els in the or"!ni>!tion &O#IT identifies "o%ern!nce t!sks th!t need to -e performed D!s opposed to descri-in" t!sk th!t h!%e -een performedF

QUESTION NO: 51

;rom *h!t perspecti%e should the enterprise %ie* Rre"ul!tory compli!nce

A ;in!nci!l

# &ustomer

& Intern!l

( He!rnin" 9 "ro*th

Ans*er: &


'e"ul!tory compli!nce is property of comp!ny oper!tions oper!tion!l !spects is de!lt *ith in

-!l!nced scorec!rds !s !n <intern!l perspecti%e< &ompli!nce m!y h!%e fin!nci!l !nd customer

!spects -ut those !re not prim!ry

QUESTION NO: 5.

Inform!tion Greli!-ilityC is import!nt for *hich -usiness "o!l?

A Incre!sed m!rket sh!re

# Ser%ice !%!il!-ility

& Tr!nsp!rency

( Ho*erin" process costs



Ans*er: #


'eli!-ility rel!tes to the pro%isionin" of inform!tion to m!n!"ement so th!t it c!n e+ercise

"o%ern!nce !nd fiduci!ry responsi-ility Tr!nsp!rency is essenti!l to these functions

QUESTION NO: 56

The IT enterprise !rchitecture is determined -y:

A #usiness o!ls

# Infr!structure

& 'e"ul!tory reuirements

( IT o!ls

E Technic!l c!p!-ility

Ans*er: A


#usiness "o!ls dri%e the IT "o!ls *hich in turn cre!tes reuirements for the IT enterprise

!rchitecture Infr!structure is ! component of the IT !rchitecture !nd technic!l c!p!-ility !n

!ttri-ute of the people component of the !rchitecture

QUESTION NO: 5

IT enterprise !rchitectures descri-e the rel!tionship -et*een !ll of the follo*in" e+cept

A 'oles

# Inform!tion

& )rocesses

( &ustomers

E Applic!tions

Ans*er: A


"Roles" identify groups of people as participants in the enterprise architecture. If IT

processes delivered value directly to customers, customer would be a part of the IT

architecture. However, it is not true in general that customers interact with

company applications and information, so 'customers' is the appropriate answer.

QUESTION NO: 54



Ali"nment is !ddressed prim!rily durin" *h!t ph!se of the oper!tion!l lifecycle?

A )l!n !nd or"!ni>e

# Acuire !nd implement

& (eli%er !nd support

( 7onitor !nd e%!lu!te

Ans*er: A


)O1 defines !n IT str!te"ic pl!n8 !n essenti!l property of *hich is !li"nment *ith the -usiness

str!te"ic pl!n !nd "o!ls All the other ph!ses follo* the determin!tion of str!te"ic pl!ns in the

"o%ern!nce lifecycle

QUESTION NO: 5/)ro-lem m!n!"ement is !ddressed prim!rily durin" *h!t ph!se of the oper!tion!l lifecycle?

A )l!n !nd or"!ni>e

# Acuire !nd implement

& (eli%er !nd support

( 7onitor !nd e%!lu!te

Ans*er: &


(S13 M 7!n!"e )ro-lems While the 7onitor 9 E%!lu!te ph!se m!y detect pro-lems !ndf!ilures to resol%e them8 pro-lem resolution is ! "ener!l form of incident m!n!"ement

QUESTION NO: 50

Wh!t -est descri-es ! Rcontrol in &O#IT?

A A process th!t ensures specific outcomes

# )olicies !nd procedures th!t pro%ide !ssur!nce of -usiness o-ecti%es

& An !utom!ted process th!t pre%ents or detects undesir!-le e%ents

Ans*er: #


&O#IT does not define control =o*e%er "loss!ry entries for <control pr!ctices< !nd <control

o-ecti%es< !nd <intern!l control< m!kes it cle!r th!t for &O#IT <control< is rel!ted to the "ener!l

!ccomplishment of -usiness o-ecti%es The first !nd third references !re too n!rro*



QUESTION NO: 5B

An IT control o-ecti%e is !ssoci!ted *ith:

A #usiness "o!l

# Inform!tion criteri!

& IT process

( )erform!nce

Ans*er: #


The IT control o-ecti%e is the result !chie%ed -y the control procedure in ! "i%en !cti%ity This

is determined -y the IT process th!t or"!ni>es the !cti%ity #usiness "o!ls !nd inform!tion

criteri! !re too "ener!l to identify such o-ecti%es )erform!nce is ! retrospecti%e !ttri-ute

*here!s controls !re for*!rd lookin"

QUESTION NO: 55

Which is le!st likely to -e pro%ided -y !n !pplic!tion control?

A Accur!cy

# &ompleteness

& 'eli!-ility

( Inte"rity

E Authori>!tion

Ans*er: &


'eli!-ility is ! "ener!l property of the inform!tion system t!ken !s ! *hole *here!s !pplic!tion

de!l *ith specific processin" of su-sets of d!t! to support specific -usiness functions

QUESTION NO: 133

&O#IT IT processes co%er:

A Applic!tion &ontrols

# ener!l &ontrols

& #oth !pplic!tion !nd "ener!l controls

Ans*er: #




The -usiness is responsi-le for definin" function!l !nd control reuirements for !pplic!tions8 use

of !pplic!tions8 !nd m!nu!l controls &O#IT IT processes include the implement!tion of those

control reuirements th!t !re sh!red !cross !pplic!tions

QUESTION NO: 131

)rocesses recei%e reuired inputs from:

A Other processes e+clusi%ely

# As ! result of process !cti%ity

& Sr 7!n!"ement

( None of the !-o%e

Ans*er: #

E+pl!n!tion,'eference:The !cti%ities or"!ni>ed -y !n IT processes o-t!in inform!tion from -usiness users8 -usiness

tr!ns!ctions8 systems8 !nd customers in !ddition to inter2process communic!tion Where!s Sr

7!n!"ers m!y pro%ide input to !n IT process8 !ll process *ould not so depend upon them

QUESTION NO: 13.

)rocess m!turity is ! str!te"ic "o!l:

A True

# ;!lse

Ans*er: #


Str!te"ic "o!ls rel!te to -usiness o-ecti%es )rocess m!turity8 in !nd of itself8 does not cre!te

%!lue for the customer !nd thus is only indirectly rel!ted to -usiness "o!ls

QUESTION NO: 136

'oles th!t !re <consulted< in 'A&I ch!rts8 must <si"n off< on process !cti%ities:

A True

# ;!lse

Ans*er: #


In 'A&I ch!rts <!uthori>!tion< is limited to the <!ccount!-le< role



QUESTION NO: 13

When respondin" to compl!ints !-out reportin" errors in customer reports8 m!n!"ement should

focus on *h!t inform!tion criteri!?

A Efficiency

# Inte"rity

& &ompli!nce

( Effecti%eness

E 'eli!-ility

Ans*er: (


<Effecti%eness< refers to the timely deli%ery of correct8 consistent !nd us!-le inform!tion to the -usinesses process When IT o!ls !re linked to IT processes D!ppendi+ IF8 it is cle!r th!t

effecti%es reflects customer %!lues *here !s reli!-ility is more !n intern!l m!n!"ement

perspecti%e Inte"rity is ! concept some*h!t limited to the stor!"e !nd tr!nsmission of

inform!tion th!t does not include cre!tion Efficiency !nd compli!nce !re distr!cters

QUESTION NO: 134

Which !ction is ! success f!ctors should help resol%e the in!-ility to "!in support from the loc!l

officeCs -usiness m!n!"ement8 !ccordin" to the &O#IT 4 Implement!tion uide?

A Set up ! re"ul!r &ompli!nce forum *hich includes mem-ers of -oth loc!l !nd O%erse!s

#usiness 7!n!"ement !nd loc!l IT 7!n!"ement

# Only implement impro%ements th!t !dd %!lue to the loc!l office

& )roduce ! 'A m!tri+ for o%ern!nce rel!ted roles for the loc!l office

( Ensure !ll resources !<e full time !nd dedic!ted to the o%ern!nce Initi!ti%e

Ans*er: A

QUESTION NO: 13/

Which document is Inputs to )h!se 1?

A Seed one of the follo*in" Outline #usiness &!se for the o%ern!nce Initi!ti%e

# A list of st!keholders !t the loc!l office !nd O%erse!s =e!d Office

& A report from =' on st!ff turno%er

( (ocumented !ppro%!l from the &EO to proceed



Ans*er: &

QUESTION NO: 130

Which re!son is ! root c!use for the l!ck of current enterprise policy !nd direction *ithin !n

or"!ni>!tion !ccordin" to the &O#IT 4 Implement!tion uide?

A We!k enterprise risk m!n!"ement

# IT -ud"et committed to infr!structure

& O%erly optimistic "o!ls

( #est pr!ctices !re copied !nd !re NOT !dopted

Ans*er: A

QUESTION NO: 13B

In ! EIT initi!ti%e it is uncle!r ho* the -usiness is "oin" to -e kept informed in respect of the

pro"ress Which &E t!sk is e+ecuted to keep the !ll units informed of pro"ress durin" )h!se .?

A )u-lish the key ch!llen"es !nd concerns in respect of the current st!te on the intr!net

# Identify key "o%ern!nce issues rel!ted to this Initi!ti%e !nd issue to !ll IT st!ff

& Identify the -enefits of the o%ern!nce Initi!ti%e !nd issue ! ne*sletter to the loc!loffice

( &re!te steerin" committees for rele%!nt p!rts of the Initi!ti%e

Ans*er: &

QUESTION NO: 135

The follo*in" o-ecti%e !nd !ction *ere defined for the EIT initi!ti%e: O-ecti%e:

RIdentific!tion of !ny outst!ndin" issues th!t *ill -rin" this )h!se to !n end Action: RTo try !nd

-rin" the em-eddin" of ! compli!nce culture in the loc!l office to ! close8 the IT 7!n!"er h!s

coll!ted the outst!ndin" *ork th!t h!s -een del!yed due to pockets of resist!nce to ch!n"e The

report is to -e p!ssed throu"h to the )roect re%ie* "roup for !ction Is this !ction !n

!ppropri!te )h!se / &E t!sk to !ddress O-ecti%e ?

A No8 -ec!use coll!tin" *ork unfinished due to resist!nce to ch!n"e is ! )h!se &E t!sk



# @es8 -ec!use !s this *ill pro%e the f!ilure of the mentorin" performed in ! pre%ious

)h!se

& No8 -ec!use coll!tin" *ork unfinished due to resist!nce to ch!n"e is ! )h!se 4 &E t!sk

( @es8 -ec!use ch!n"es c!n -e enforced -y loc!l Senior 7!n!"ement *hen necess!ry

Ans*er: (

QUESTION NO: 113

The follo*in" o-ecti%e !nd !ction *ere defined for the EIT initi!ti%e: O-ecti%e: REnsure the

impro%ements !re em-edded in the culture of the ;in!nci!l Ser%ices Or"!ni>!tion Action: RThe

IT 7!n!"er h!s decided to run !*!reness sessions !-out the &h!n"e 7!n!"ement process !nd

its !ssoci!ted -enefits for the ;in!nci!l Ser%ices Or"!ni>!tion Is this !ction !n !ppropri!te

)h!se / &E t!sk to !ddress O-ecti%e 1?

A @es8 -ec!use the !*!reness sessions *ill ensure !ll ch!n"e reuirements h!%e -een

!ddressed

# No8 -ec!use the runnin" of !*!reness sessions is ! )h!se &E t!sk

& @es8 -ec!use the !*!reness sessions *ill help to em-ed ne* *orkin" pr!ctices in the

;in!nci!l Ser%ices Or"!ni>!tion

( No8 -ec!use if the &h!n"e 7!n!"ement process is form!lly implemented then !*!reness

sessions !re unnecess!ry

Ans*er: &

QUESTION NO: 111

Which re!son is ! root c!use of resist!nce to ch!n"e?

A 'esist!nt to !ckno*led"e *e!knesses

# )riorities NOT !lloc!ted !ppropri!tely

& IT -ud"et !lre!dy committed to infr!structure

( &ontinu!l impro%ement NOT p!rt of the *orkin" culture

Ans*er: A

QUESTION NO: 11.

The follo*in" o-ecti%e !nd !ction *ere defined for the EIT initi!ti%e: O-ecti%e: RThe need to

keep the =e!d Office informed of issues Action: RThe IT 7!n!"er h!s decided to produce !n



esc!l!tion process th!t *ill ensure !ll issues !re r!ised directly *ith the =e!d Office Is this

!ction !n !ppropri!te )h!se / &E t!sk to !ddress O-ecti%e 6?

A No8 -ec!use issues should -e p!ssed to Intern!l Audit for resolution

# @es8 -ec!use !ll process ch!n"es should -e enforced -y =e!d Office Senior 7!n!"ement

to -rin" the current o%ern!nce Initi!ti%e to ! close

& @es8 -ec!use this !ppro!ch *ill ensure uick resolution of issues

( No8 -ec!use issues th!t c!n NOT -e resol%ed *ithin the loc!l office should -e sent to the

O%erse!s =e!d Office

Ans*er: &

QUESTION NO: 116

Which is ! success f!ctor th!t should help to resol%e the concern r!ised o%er the o%er!ll %!lue ofthe o%ern!nce Initi!ti%e?

A Seek to second ! compli!nce resource from the O%erse!s =e!d Office

# )roduce ! 'A m!tri+ for o%ern!nce rel!ted roles for the loc!l office

& Arr!n"e ! tr!inin" course for users of the ch!n"e process

( Issue ! compli!nce !rticle on the Intr!net site in -usiness terms

Ans*er: A

QUESTION NO: 11

Which re!son is ! root c!use for ! l!ck of Senior 7!n!"ement -uy2in to !n impro%ement

initi!ti%e !ccordin" to the &O#IT 4 Implement!tion uide?

A &ontinu!l impro%ement is NOT p!rt of the culture

# #est pr!ctices !re copied !nd !re NOT !dopted

& )oor perception of the credi-ility of the IT function

( H!ck of dedic!ted resources

Ans*er: &

QUESTION NO: 114

The follo*in" o-ecti%e !nd !ction *ere defined for the EIT initi!ti%e: O-ecti%e: RAdopt

*orkin" -eh!%iors to ensure the implement!tion is successful Action: RThe IT '& 7!n!"er

h!s held ! session *ith =' !nd !sked them to !dd st!nd!rd compli!nce responsi-ilities to !ll o-



descriptions !t the ;in!nci!l Ser%ices Or"!ni>!tion Is this !ction !n !ppropri!te )h!se / &E

t!sk to !ddress O-ecti%e .?

A No8 -ec!use once the o%ern!nce Initi!ti%e is complete then there is NO further

compli!nce reuirement

# @es8 -ec!use upd!ted o- descriptions *ill ensure the loc!l office *ill -e compli!nt *ith

!ll future reuirements from the O%erse!s =e!d Office

& @es8 -ec!use this *ill help to re*!rd those in%ol%ed in compli!nce initi!ti%es in the

;in!nci!l Ser%ices Or"!ni>!tion

( No8 -ec!use only !ffected o- descriptions should -e !mended to include compli!nce

responsi-ilities

Ans*er: (

QUESTION NO: 11/

Which !ction is ! success f!ctor th!t should help to resol%e the de2moti%!tion of the IT st!ff

*orkin" on the o%ern!nce Initi!ti%e?

A Or"!ni>e ! ro!d sho* *ith the #usiness 7!n!"ement2 'e%isitin" st!keholders

# )roduce ! 'A m!tri+ for o%ern!nce rel!ted roles for the loc!l office

& Arr!n"e ! tr!inin" course for users of the ch!n"e process

( Ensure !ll resources !<e full time !nd dedic!ted to the o%ern!nce Initi!ti%e

Ans*er: A

QUESTION NO: 110

Which !ction is ! success f!ctor th!t should help to resol%e the l!ck of t!ke up of the ch!n"e

m!n!"ement process?

A Ensure !ll resources !re full time !nd dedic!ted to the o%ern!nce Initi!ti%e

# Arr!n"e ! tr!inin" course for users of the ch!n"e process

& O-t!in compli!nce input from the O%erse!s =e!d Office !uditors

( )roduce ! 'A m!tri+ for o%ern!nce rel!ted roles for the loc!l office

Ans*er: #

QUESTION NO: 11B



Which re!son is ! root c!use of the difficulty in underst!ndin" &O#IT 4 !nd !ssoci!ted

fr!me*orks8 procedures !nd pr!ctices?

A H!ck of -usiness underst!ndin" of IT issues

# H!ck of kno*led"e

& Insufficient dedic!ted resources

( NOT enou"h consider!tion of ho* they do thin"s !t the or"!ni>!tion

Ans*er: #

QUESTION NO: 115

Which !ction is ! success f!ctor should help resol%e the in!-ility to "!in support from the loc!l

office<s -usiness m!n!"ement8 !ccordin" to the &O#IT 4 Implement!tion uide?

A Set up ! re"ul!r &ompli!nce forum *hich includes mem-ers of -oth loc!l !nd O%erse!s

#usiness 7!n!"ement !nd loc!l IT 7!n!"ement

# Only implement impro%ements th!t !dd %!lue to the loc!l office

& )roduce ! 'A m!tri+ for o%ern!nce rel!ted roles for the loc!l office

( Ensure !ll resources !re full time !nd dedic!ted to the o%ern!nce Initi!ti%e

Ans*er: A

QUESTION NO: 1.3Which !ction is ! success f!ctor *hich should help resol%e the current l!ck of trust -et*een the

loc!l office IT function !nd #usiness 7!n!"ement8 !ccordin" to the &O#IT 4 Implement!tion

uide?

A )roduce ! pl!n of e+pected ch!n"es for the ye!r !he!d *hich t!ke !ccount of the

compli!nce reuirements

# Ensure !ll resources !re full time !nd dedic!ted to the o%ern!nce Initi!ti%e

& Only implement impro%ements th!t !dd %!lue to the loc!l office

( Educ!te the -usiness -y runnin" ! &O#IT 4 tr!inin" course

Ans*er: A

QUESTION NO: 1.1

Which re!son is ! root c!use of *hy the cost of the IT o%ern!nce Initi!ti%e !ppe!rs to e+ceed

!ny -enefit8 !ccordin" to the &O#IT 4 Implement!tion uide?



A There is poor communic!tion !-out the e+pected successes of the Initi!ti%e

# #ud"et funds h!%e !lre!dy -een spent on !nother initi!ti%e De"8 ! t!keo%erF !nd this is

seen !s ! further dr!in on resources

& There is ! perception th!t there is ! l!ck of reuired compli!nce skills

( A recent t!keo%er h!s left uncert!inty !nd the thre!t of further ch!n"es

Ans*er: #

QUESTION NO: 1..

Which !cti%ity is ! &ontinu!l Impro%ement t!sks performed durin" )h!se 1?

A '!ise loc!l 7!n!"ement<s !*!reness of the import!nce of the Initi!ti%e

# '!ise !*!reness of compli!nce issues *ith the loc!l office& Underst!nd full imp!ct of the o%ern!nce Initi!ti%e

( Identify other proect dependencies such !s the Security !nd =' proects

Ans*er: &

QUESTION NO: 1.6

Which re!son is ! root c!use for ! l!ck of Senior 7!n!"ement -uy2in to !n impro%ement

initi!ti%e !ccordin" to the &O#IT 4 Implement!tion uide?

A &ontinu!l impro%ement is NOT p!rt of the culture

# H!ck of dedic!ted resources

& )oor perception of the credi-ility of the IT function

( #est pr!ctices !<e copied !nd !re NOT !dopted

Ans*er: &

QUESTION NO: 1.

Identify the missin" *ordDsF in the follo*in" sentence: )rocess J ? K is ! process !ttri-ute for !

)redict!-le process

A !ssessment

# me!surement

& inno%!tion

( perform!nce m!n!"ement



Ans*er: #

QUESTION NO: 1.4

Wh!t is the purpose of the )rocess 'eference 7odel?

A To -e the -!sis for the process dimension *hich outlines the structure of the 60 &O#IT

processes

# To -e the -!sis for the process dimension *hich "i%es the specific process references on

e!ch le%el

& To cont!in the "eneric !ttri-utes for the le%els t*o8 three8 four !nd fi%e

( To -e the -!sis for the c!p!-ility dimension *hich defines the r!tin" method to conform

to ISO1443

Ans*er: A

QUESTION NO: 1./

Wh!t c!p!-ility le%el is !n est!-lished process?

A He%el 6

# He%el 1

& He%el /

( He%el .

Ans*er: A

QUESTION NO: 1.0

Wh!t r!tin" le%el must ! process !tt!in in order to p!ss !n !ssessment?

A ;2;ully

# ) 2 )!rti!lly !nd or H 2 H!r"ely

& H 2 H!r"ely !nd or ;2 ;ully

( )2 )!rti!lly

Ans*er: &

QUESTION NO: 1.B



=o* !re eneric )r!ctices used in the )rocess Assessment 7odel D)A7F?

A To !ssess processes only !t le%el /

# To !ssess processes from le%els . to 4

& To !ssess process !t !ll le%els of the &!p!-ility 7odel

( To !ssess processes only !t le%el 1

Ans*er: #

QUESTION NO: 1.5

The )rocess 'eference 7odel cont!ins:

A 60 processes

# 10 IT o!ls !nd rel!ted 7etrics& .11 &ontrol O-ecti%es

( ;our dom!ins

Ans*er: A

QUESTION NO: 163

Which process cont!ins pr!ctices rel!ted to !ccess control mech!nisms De"8 "r!ntin" !ccess to

systemsF?

A A)316

# (SS34

& (SS3/

( (SS3.

Ans*er: &

QUESTION NO: 161

=o* *ould you r!te the follo*in" !chie%ement of !n !ttri-ute in ! "i%en process: RSome

e%idence of !n !ppro!ch c!n -e identified E%en thou"h not !ll !spects of the !chie%ement is

e%ident8 the m!ority D04F is !chie%ed

A ;ully

# None

& )!rtly



( H!r"ely

Ans*er: (

QUESTION NO: 16.

In ! process the !ttri-ute )rocess (efinition is l!r"ely !chie%ed !ll other !ttri-utes !re ;ully

!chie%ed Wh!t is the !deu!te r!tin" of the process?

A He%el 6

# He%el

& He%el 4

( He%el .

Ans*er: A

QUESTION NO: 166

In *hich step of the !ssessment process D!s defined in the Self Assessment uideF *ill the o!ls

&!sc!de -e used?

A 6 Step 'ecord !nd Summ!ries the &!p!-ility He%els

# Step 1 (ecide on process to !ssessscopin"

& Step 6 (etermine Whether &!p!-ility He%els . to 4 for the Selected )rocesses Are #ein"

Achie%ed( Step . (etermine Whether the Selected )rocess Is ! He%el 1 &!p!-

Ans*er: #

QUESTION NO: 16

As discussed in RSt!rtin" Off on the 'i"ht ;oot8 *hich !re! should risk !ssessments conducted

for fr!ud in%esti"!tions include:

A 7onet!ry risk

# 'e"ul!tory risk

& 'eput!tion!l risk

( All of the !-o%e

Ans*er: (



QUESTION NO: 164

Accordin" to Assur!nce th!t 7!tters -y Norm!n 7!rks8 *h!t percent!"e of &AEs !nd !udit

committee mem-ers see their prim!ry o- !s pro%idin" !ssur!nce in ! compli!nce en%ironment?

DThis !ns*er *ill -e found in the print or di"it!l edition of the m!"!>ine8 not the online %ersionF

A 46 percent

# 4 percent

& 65 percent

( 6/ percent

Ans*er: (

QUESTION NO: 16/In RUnr!%elin" the 'e"ul!tory Pnot8 !udit committee mem-er ;red Tellin" s!ys intern!l

!uditors need ! .3,B3 -!l!nce in focus on compli!nce8 *ith B3 percent focused on the history8

-!ck"round8 !nd culture th!t sp!*ned the underlyin" l!* !nd its implementin" re"ul!tions

A True

# ;!lse

Ans*er: #

QUESTION NO: 160

Accordin" to Unr!%elin" the 'e"ul!tory Pnot8 the Europe!n Union<s Sol%ency II (irecti%e

reuires comp!nies oper!tin" in the EU to VVVVVVVVVVV in order to reduce the risk of

insol%ency

A =!%e sufficient insur!nce

# =!%e !deu!te c!pit!l holdin"s

& &omply *ith !ll rele%!nt re"ul!tions

( ;ollo* intern!tion!l risk m!n!"ement st!nd!rds

Ans*er: #

QUESTION NO: 16B

Accordin" to RThe Wisdom of the &ro*d8 cro*d sourcin" is *idespre!d in intern!l !udit



A True

# ;!lse

Ans*er: #

QUESTION NO: 165

Accordin" to Ali"nin" the #usiness8 -y on!th!n N"!h8 procedures !re ! "uide to !chie%e

or"!ni>!tion!l o-ecti%es8 !nd should !li"n *ith o%er!ll str!"ety

A True

# ;!lse

Ans*er: A

QUESTION NO: 13

Accordin" to Ali"nin" the #usiness8 -y on!th!n N"!h8 red fl!"s rel!ted to fr!ud8 fin!nci!l

reportin" misst!tements8 !nd %!rious compli!nce errors often !ppe!r in or"!ni>!tions l!ckin"

cle!rly defined policies !nd procedures

A True

# ;!lse

Ans*er: A

QUESTION NO: 11

Accordin" to RUnr!%elin" the 'e"ul!tory Pnot8 -y 'ussell !ckson8 The IIACs Intern!tion!l

St!nd!rds for the )rofession!l )r!ctice of Intern!l Auditin" DSt!nd!rdsF reuire intern!l !uditors

to e%!lu!te risk e+posures rel!ted to Rcompli!nce *ith l!*s8 re"ul!tions8 policies8 procedures8

!nd contr!cts

A True

# ;!lse

Ans*er: A

QUESTION NO: 1.

Accordin" to RTools for IT o%ern!nce Assur!nce8 -y I!n S!nderson8 ho* does ISA&ACs



Inform!tion Systems Audit !nd Assur!nce St!nd!rds tre!t the topic of m!teri!lity?

A As principles2-!sed

# As risk2-!sed

& As control2-!sed

( As process2-!sed

Ans*er: &

QUESTION NO: 16

In RThe Wisdom of the &ro*d8 *h!t does !uthor &r!i" uillot cite !s one of the -i""est risks

!ssoci!ted *ith cro*d sourcin"?

A &onfidenti!lity -re!ches# 'eput!tion!l h!rm

& ;r!ud

( 7isinform!tion

Ans*er: A

QUESTION NO: 1

Accordin" to the .31.,.316 lo-!l ;r!ud 'eport8 !s cited in RSt!rtin" Off on the 'i"ht ;oot8

*h!t percent!"e of fr!ud is committed -y insiders8 *hen the perpetr!tor is kno*n?

A 06 percent

# /0 percent

& 6. percent

( .. percent

Ans*er: #

QUESTION NO: 14

In RTools for IT o%ern!nce Assur!nce8 *h!t is one of the -enefits of usin" &O#IT !s !

"o%ern!nce fr!me*ork?

A It is !li"ned *ith -est pr!ctices in the inform!tion systems field8 such !s the IT Infr!structure

Hi-r!ry !nd ISO,IE& .0333 st!nd!rds series D@our Ans*erF



# It is the -!sis for the IT controls m!nd!ted -y the re%ised &OSO Intern!l &ontrol2Inte"r!ted

;r!me*ork

& It is reuired for compli!nce *ith The IIACs st!nd!rd on IT "o%ern!nce DSt!nd!rd .113A.F

( It supersedes IT "o%ern!nce !nd !ssur!nce st!nd!rds8 includin" the IT Infr!structure Hi-r!ry

!nd ISO,IE& .0333 st!nd!rds series

Ans*er: A

QUESTION NO: 1/

Which of the follo*in" is identified in RThe Wisdom of the &ro*d !s one of the most popul!r

types of cro*d sourcin" !cti%ities?

A Assessin" enterprise risk

# ;r!ud in%esti"!tions& &ro*d fundin"

( All of the !-o%e

Ans*er: (

QUESTION NO: 10

In RTools for IT o%ern!nce Assur!nce8 *hich of the follo*in" is not ! *!y th!t the &O#IT 4

for Assur!nce "uid!nce c!n -e useful for intern!l !uditors:

A It !llo*s !uditors to "!in insi"ht into current -est pr!ctices on !ssur!nce

# It demonstr!tes ho* to use &O#IT 4 components !nd concepts for pl!nnin"8 performin"8 !nd

reportin" on IT !udit en"!"ements

& It %ie*s the role of !udit from ! %!lue2!dded perspecti%e th!t looks !t *hether the

or"!ni>!tion is deli%erin" the reuired -enefits defined -y st!keholders

( It pro%ides ! checklist of risks th!t !uditors must pro%ide co%er!"e for in their !udit pl!ns

Ans*er: (

QUESTION NO: 1B

In RSt!rtin" Off on the 'i"ht ;oot8 *h!t does !uthor Tr!%is W!ite !d%ise intern!l !uditors to

determine first *hen !ssessin" *hether !n !lle"!tion of *ron"doin" h!s merit?

A The compl!in!ntCs credi-ility !nd moti%es

# The ch!nnel throu"h *hich the compl!int *!s m!de



& The or"!ni>!tionCs policy *ith re"!rd to the !lle"ed m!lfe!s!nce

( The compl!in!ntCs le%el of !uthority in the or"!ni>!tion

Answer A

QUESTION NO: 15

!hich of the following is the most signicant concern in the management of IT#

a$ %a&ing technology wor& correctlyb$ eeping IT running

c$ eeping up to date with the latest solutionsd$ (upporting developers with tool&its

Answer )

QUESTION NO: 143

!hat is an essential attribute of successful performance management#

a$ *re+uently achieved targetsb$ (etting achievable golsc$ Threatening sanctions if targets are not metd$ %etrics dened and aproved by the sta&eholders

Answer



QUESTION NO: 141

!hich of the following is a common reason why IT pro-ects eceed budget

epectations or deadlines#

a$ /ost of IT specialistsb$ 0navailability of the lastest technologyc$ 0nderestimation of the e1ort re+uiredd$ 2ac& of automation of development tools

Answer /

QUESTION NO: 14.

!hich one of the following is a common problem encountered while trying to align

IT and the business#

a$ 0se of an eternal IT consultant for pro-ect managementb$ /ommunication gaps between the business and ITc$ Inade+uacy of problem management practicesd$ Rushing to develop too +uic&ly

Answer

QUESTION NO: 146

!hich of the following is a principle of IT 3overnance#



a$ Accountabilityb$ Reliabilityc$ Availabilityd$ 4robability

Answer

QUESTION NO: 14

!hich of one of these is a strategic ob-ective#

a$ elivering on time and budgetb$ 5ero faultsc$ eveloping systems in housed$ evising strategies to achieve stated goals

Answer

QUESTION NO: 144

!hich of the following is a potential benet of strategic alignment#

a$ /ost6e1ective administration and managementb$ 0se of the latest technologyc$ )eing rst to mar&etd$ elivery on time and within budget



Answer

QUESTION NO: 14/

!hich of the following is an important component of ris& management#

a$ Ta&ing no ris&sb$ /anceling any initiative that is ris&yc$ 0nderstanding the appetite for ris&sd$ 0sing old tried and testes systems

Answer

QUESTION NO: 140

!hich of the following represents an organi7ational perspective of a balanced

scorecard#

a$ A dashboardb$ A metricc$ A bonus schemed$ A costumer

Answer

QUESTION NO: 14B

!hich of the following is a characteristic of a control framewor&#



a$ (trict rulesb$ 4enalty for noncompliancec$ 4rocess orientationd$ %easurement system

Answer

QUESTION NO: 145

!hich of the following is a &ey benet of IT 3overnance#

a$ 2ower IT costsb$ Responsiveness of ITc$ 3reater use of technologyd$ Increased budget for IT pro-ects

Answer

QUESTION NO: 1/3

!hich of the following is the best way to use /8)IT#

a$ To improve all IT processb$ As a mandatory standardc$ As a guide for the business to maimi7e the benets of ITd$ To help prioriti7e which IT process to focus on

Answer



QUESTION NO: 1/1

How does the /8)IT *ramewor& help an organi7ation implement IT 3overnance#

a$ It contains ready6made wor& programs

b$ It provides policies and standards that can be mandatedc$ It provides good practice and guidanced$ It has controls that can be implemented as they are

Answer

QUESTION NO: 1/.

!hich of the following is a component of the /8)IT *ramewor&#

a$ 4oliciesb$ Audit 4rogramsc$ Implementation 3uidanced$ IT Resources

Answer

QUESTION NO: 1/6

!hat is a /ontrol 8b-ective#

a$ A metric to be achieved by implementing control procedures in a particularactivity

b$ A level of maturity to be achieved by implementing control procedures in aparticular activity

c$ A statement of the desired result on purpose to be achieved by implementingcontrol procedures in a particular activity

d$ A critical success factor to be achieved by implementing control proceduresin a particular activity



Answer

QUESTION NO: 1/

!hat tool within /8)IT helps the business and IT understand the business

re+uirements for information#

a$ Information /riteriab$ /ritical (uccess *actor

c$ /ontrol 8b-ectived$ %aturity %odel

Answer

QUESTION NO: 1/4 !hich of the following is a duciary re+uirement within the /8)IT Information

/riteria#

a$ (ecurityb$ Integrityc$ Availabilityd$ 8perational e1ectiveness

Answer

QUESTION NO: 1//



!hich of the following is a /8)IT security re+uirement#

a$ /omplianceb$ Availability

c$ Reliabilityd$ 9:ciency

Answer

QUESTION NO: 1/0!hich of the following is a /8)IT Information /riteria#

a$ *iduciaryb$ ;ualityc$ 91ectivenessd$ (ecurity

Answer

QUESTION NO: 1/B

!hat do ey 3oal Indicators <3Is$ measure#

a$ %aturity levelsb$ 4rocess performancec$ egree of controld$ The achievement of an ob-ective

Answer

QUESTION NO: 1/5

!hich of the following is a /8)IT IT Resource#



a$ atabaseb$ Infrastructurec$ 8perating (ystemd$ /ontractor

Answer

QUESTION NO: 103

!hich /8)IT IT Resource can be dened as the automated user systems and

manual procedures that process information#

a$ Applicationsb$ 4rocess

c$ (ystemsd$ Technology

Answer

QUESTION NO: 101

!hich of the following is a &ey feature of resource optimi7ation#

a$ Hiring low cost manpowerb$ Retaining hardware to minimi7e replacement costsc$ )uying only proven productsd$ 8ptimi7ing costs

Answer

QUESTION NO: 10.

%aturity %odels help organi7ations to

a$ %eet goals and ob-ectivesb$ 9valuate controlsc$ etermine the capability of the current processd$ ene performance measures



Answer

QUESTION NO: 106 How can /8)IT be used along with other international best practices and

standards, such as ITI2 and I(8 =>>??#

a$ To integrate the deployment of the re+uired standardsb$ As an implementation methodc$ To validate the appropriateness of the other standardd$ As another view of the same area to support an approach

Answer

QUESTION NO: 10

!hich framewor& is increasingly accepted as the standard response for generally

assessing IT controls#

a$ ITI2b$ /8)ITc$ I(8 =>>??d$ /%%

Answer

QUESTION NO: 104

!hich IT process within /8)IT should ensure timely denition of operational

re+uirements and service levels#

a$ AI=6Identify Automated (olutionsb$ 48=6ene a (trategic 4lanc$ (@6%anage third6party servicesd$ AI6evelop and maintain procedures



Answer

QUESTION NO: 10/

!hich part of the /8)IT toolset will help the business and IT understand how to

measure results#

a$ %anagement 3uidelinesb$ *ramewor&c$ /ontrol 8b-ectivesd$ IT 3overnance Implementation 3uide

Answer

QUESTION NO: 100

ey 4erformance Indicators are factors that

a$ Indentify &ey controlsb$ Identify &ey processc$ 4ositively inBuence the process outcomed$ *ocus on control practices

Answer

QUESTION NO: 10B

!hich level of maturity in the /8)IT processes is usually associated with a process

being "standardi7ed, documented and communicated"

a$ 2evel C 6 denedb$ 2evel @ 6 repeatablec$ 2evel 6 managedd$ 2evel = 6 initial

Answer



QUESTION NO: 105

!hich of the following is a stage in the /8)IT Audit 3uidelines structure#

a$ 4lanning and organi7ation

b$ %aturity modelingc$ (etting metricsd$ 9valuation

Answer

QUESTION NO: 1B3

/8)IT's denition of duciary re+uirements di1er from that of /8(8 in that /8)IT

epands the scope to include

a$ (ecurityb$ All informationc$ 8perationsd$ (ystems development

Answer

QUESTION NO: 1B1

/8)IT is a framewor& that focuses on

a$ How to do it rather than what needs to be achievedb$ !hat needs to be achieved rather than to do itc$ !hat needs to be organi7ed rather than what needs to achievedd$ !hat needs to be implemented rather than how measure it

Answer

QUESTION NO: 1B.

The /8)IT *ramewor& treats information as the result of the combined application

of IT Resources that are managed by



a$ Information /riteriab$ /ontrol 8b-ectivesc$ IT 4rocessd$ %etrics

Answer

QUESTION NO: 1B6

The /8(8 *ramewor& is a framewor& to help organi7ations establish and

determine

a$ Accounting standardsb$ Auditing standardsc$ Investment decisionsd$ The e1ectiveness of the internal controls

Answer

QUESTION NO: 1B

!hich of the following /8)IT IT 4rocesses addresses the need for "program and

pro-ect ris& assessment"#

a$ 48= 6 ene a strategic IT 4lanb$ 48D 6 %anage +ualityc$ 48? 6 Assess and manage IT ris&sd$ 48=E 6 %anage pro-ects

Answer

QUESTION NO: 1B4

!hich /8)IT resource provides benchmar&ing capabilities#

a$ /8)IT ;uic&start



b$ /8)IT (ecurity )aselinec$ IT 3overnance Implementation 3uided$ /8)IT 8nline

Answer

QUESTION NO: 1B/

The percentage of pro-ects completed on time and on budget is a /8)IT 3I#

a$ Trueb$ *alse

Answer

QUESTION NO: 1B0

!hich of the following aspects of /8)IT can be benchmar&ed in /8)IT 8nline#

a$ 0se of IT Resourcesb$ 0se of Information /riteriac$ 0se of 3Is and 4Is

d$ 0se of omains

Answer

QUESTION NO: 1BB

/8)IT ;uic&(tart is most useful for

a$ (enior managementb$ (mall and medium si7ed enterprises <(%9s$c$ Auditorsd$ /ontrol (pecialists

Answer

cobit - 188 questions

Documents