






CISA Domain 2 Complete Practice Question







What does EGIT stand for? What is its meaning? correct answer Enterprise Governance of Information and Technology. It is a system composed of stakeholders, board of directors, department managers, and internal customers who provide input into the IT decision-making process.
What are the three broad processes in the EGIT framework? correct answer 1. IT Resource Management - Focuses on maintaining an updated inventory of all IT resources and addresses the risk management process.
What is Strategic Planning from an IS standpoint? correct answer Defining the long-term direction of IT that an enterprise wants to take to improve business processes.
T/F: Strategic IS Planning involves considering cost, benefit, and risk of implementing new technology. correct answer True
What are some common uses of Business Intelligence? correct answer A) Legal requirements, for businesses to understand what's occurring in their own business. B) Competitive advantage for supply chain and other areas. C) The increasing size and complexity of organizations.
What are the two components which allow BI to operate effectively? correct answer A) The enterprise data flow architecture B) A logical data architecture
What are the layers/components of EDFA? correct answer Enterprise Data Flow Architecture is composed of the following layers:
What is the internet/intranet layer? correct answer Basic data communications like browser-based user interfaces and TCP/IP protocol networking.
What is a context diagram? correct answer A chart which outlines processes of an organization and external parties with which the organization interacts.
What is an activity or swim-lane diagram? correct answer Gives a concise overview of business processes.
What is an entity relationship diagram? correct answer Diagram which depicts data entities and how they relate.
What is the purpose of implementing a business/IT advisory team in the area of BI funding governance? correct answer To best ensure ROI and that areas are prioritized by need.
Give some examples of EGIT frameworks. correct answer 1. COBIT
T/F: A record of management's review for ISPs should be maintained. correct answer True
Which group is more involved in implementation of IT systems, the IT Steering Committee or IT Strategy Committee? correct answer IT Steering Committee
What kind of personnel make up the IT Strategy Committee? correct answer Board members and specialists
What personnel are a part of the IT Steering Committee? correct answer Executives and key advisors in IT, audit, legal, finance, etc.
Who is primarily responsible for ensuring the Information Security Program is enforced? correct answer CISO
How should IT policies, procedures, programs, etc. be driven? correct answer From the top down.
What does the ISSC stand for? correct answer Information Security Standards Committee
Which personnel make up the ISSC? correct answer C-level executive management and senior managers from IT, HR, Audit and Legal.
Why are audit senior managers required to be a part of the ISSC? correct answer To ensure that systems are auditable by ensuring logging and audit trails are in place.
T/F: The IT Steering Committee is involved in implementation of the Information Security Management Program. correct answer True
What are some methods to compensate for lack of SoD? correct answer 1. Audit Trails
Project Level - Focuses on project objective completion. Strategic Level - How well IT capability is aligned with the business strategy.
What is a CMM? correct answer Capability Maturity Model.
What would a 0 and a 5 be like according to the Capability Maturity Model? correct answer A 0 would have no capabilities and would lack governance. A 5 is a process which achieved its purpose, is well defined, and is measured to improve performance.
What does ERM stand for? correct answer Enterprise Risk Management
What is IT Portfolio Management? correct answer Managing of IT resources by analyzing cost and benefit, risk of IT processes, roles and organizational structure of IT processes.
What is employee bonding? correct answer A document which states that an employee must work for a business for a certain amount of time.
What should salary increases and promotions be based upon? correct answer Performance
What is a chargeback scheme? correct answer Where the end user pays for services, allowing effectiveness and monitoring to be measured like in a marketplace.
Who should be responsible for managing the chargeback scheme? correct answer CFO, user management, and IS management.
What is an offsite IT function? correct answer Function performed offsite but still in the same geographic region, also called nearshore.
T/F: Performing an analysis of an organization's outsourcing policy is a potential part of an IS Auditor's role. correct answer True
What is cyclical checking? correct answer Cycles of data integrity checking of data held in a system.
What is the difference between relational integrity tests and referential integrity tests? correct answer Relational integrity tests check data values in a table, ensuring accuracy. Referential integrity tests evaluate if the relationship between two objects in different databases is correct.
What is Atomicity in Data Integrity Checking? correct answer A transaction is either completed in entirety or not at all.
What is Consistency in Data Integrity Checking? correct answer Integrity conditions in the database are maintained with each transaction. Data integrity checking throughout the table change process.
What is Isolation in Data Integrity Checking? correct answer Each transaction is isolated from other transactions.
What is Durability in Data Integrity Checking? correct answer If a transaction has been reported back to a user as complete, hardware or software changes to the database will not affect the previous change.
Why is generalized audit software used for determining which application tests to use? correct answer They can be more accurate and thorough than a human.
What does checking out do? correct answer Prevents or manages simultaneous code edits.
What does checking in do? correct answer Allows for new data to be moved into a controlled environment. The configuration manager will check out the item. This helps prevent simultaneous code edits since changes need to be approved by the system architect.
What is configuration management? correct answer Process of implementing a new system/product.
While checking a short-term plan, what is most important for an IS Auditor to confirm? correct answer That IT and business personnel are working together to accomplish short-term goals.
What is governance all about? correct answer High-level personnel
Who is most responsible for IT governance? correct answer Directors
What is the first point of reference for an IS Auditor? correct answer Approved policies
To ensure policies are complying with legal requirements, what should an organization do? correct answer Have a periodic review of policy by a subject matter expert.
Who has ownership over a project? correct answer User management
Which group is most likely to accept/reject an RFP of a new system? correct answer Project Steering Committee