CISA Domain 2 Complete Practice Question, Exams of Business Administration

2024/2025, available from 05/21/2025

CISA Domain 2 Complete
What does EGIT stand for? What is its meaning? correct answer Enterprise Governance of Information and Technology. It is a system composed of stakeholders, board of directors, department managers, and internal customers who provide input into the IT decision-making process.
What are the three broad processes in the EGIT framework? correct answer 1. IT Resource Management - Focuses on maintaining an updated inventory of all IT resources and addresses the risk management process.
2. Performance Measurement - Ensures IT processes bring value to the company.
3. Compliance Management
According to COBIT's perspective, what is the difference between Governance and Management? correct answer Governance - Ensures stakeholders' needs, conditions and options are evaluated to determine enterprise objectives. Performance is monitored based on enterprise objectives.
Management - Plans activities according to the governance body. (Basically a step down, a more hands-on approach.)
T/F: EGIT is a part of Governance? correct answer True
What does CSF stand for? correct answer Critical Success Factor
What are the terms of reference when auditing EGIT? correct answer 1. Scope of work to be done.
2. IS Auditor's right to information within the organization and TPSP.
3. Who to report EGIT issues to.
What is an Information Security Program? correct answer

What is Strategic Planning from an IS standpoint? correct answer Defining the long-term direction of IT an enterprise wants to take to improve business processes.
T/F: Strategic IS Planning involves considering cost, benefit, and risk of implementing new technology. correct answer True
What are some common uses of Business Intelligence? correct answer A) Legal requirements, for businesses to understand what's occurring in their own business. B) Competitive advantage for supply chain and other areas. C) The increasing size and complexity of organizations.
What are the two components which allow BI to operate effectively? correct answer A) The enterprise data flow architecture B) A logical data architecture
What are the layers/components of EDFA? correct answer Enterprise Data Flow Architecture is composed of the following layers:
1. Presentation/desktop access layer
2. Data source layer
3. Core data warehouse
4. Data mart layer
5. Data staging and quality layer
6. Data access layer
7. Data preparation layer
8. Metadata repository layer
9. Warehouse management layer
10. Application messaging layer
11. Internet/intranet layer

What is the internet/intranet layer? correct answer Basic data communications, like browser-based user interfaces and TCP/IP protocol networking.
What is a context diagram? correct answer A chart which outlines the processes of an organization and the external parties with which the organization interacts.
What is an activity or swim-lane diagram? correct answer Gives a concise overview of business processes.
What is an entity relationship diagram? correct answer A diagram which depicts data entities and how they relate.
What is the purpose of implementing a business/IT advisory team in the area of BI funding governance? correct answer To best ensure ROI and that areas are prioritized by need.
Give some examples of EGIT frameworks. correct answer 1. COBIT
2. International Organization for Standardization (ISO)/IEC
3. Information Technology Infrastructure Library (ITIL)
4. Open Information Security Management Maturity Model (O-ISM3)
5. ISO/IEC Information Technology - Governance of IT for the Organization
6. ISO/IEC 20000
7. ISO 3100:2018 Risk management - Guidelines
What is a data classification policy? correct answer Describes classifications, levels of controls at each classification, and authorization rules for data.
What is an end-user computing policy? correct answer Describes the usage of desktop, mobile computing and other tools by users.

T/F: A record of management's review of ISPs should be maintained. correct answer True
Which group is more involved in the implementation of IT systems, the IT Steering Committee or the IT Strategy Committee? correct answer IT Steering Committee
What kind of personnel make up the IT Strategy Committee? correct answer Board members and specialists
What personnel are a part of the IT Steering Committee? correct answer Executives and key advisors in IT, audit, legal, finance, etc.
Who is primarily responsible for ensuring the Information Security Program is enforced? correct answer CISO
How should IT policies, procedures, programs, etc. be driven? correct answer From the top down.
What does ISSC stand for? correct answer Information Security Standards Committee
Which personnel make up the ISSC? correct answer C-level executive management and senior managers from IT, HR, Audit and Legal.
Why are audit senior managers required to be a part of the ISSC? correct answer To ensure that systems are auditable by ensuring logging and audit trails are in place.
T/F: The IT Steering Committee is involved in the implementation of the Information Security Management Program. correct answer True

What are some methods to compensate for lack of SoD? correct answer 1. Audit trails
2. Reconciliation
3. Exception reporting
4. Transaction logs
5. Supervisory reviews
6. Independent reviews
What is EA and its purpose? correct answer Enterprise Architecture allows companies to invest in the technology most suitable according to goals and compliance.
How to calculate risk? correct answer Probability of Occurrence x Impact
What are the steps of the Risk Management Process? correct answer Step 1: Asset Identification. Step 2: Evaluation of Threats and Vulnerabilities to Assets. Step 3: Evaluation of the Impact. Step 4: Calculation of Risk. Step 5: Evaluation of and Response to Risk.
What are the different types of controls? correct answer Preventive; Detective; Corrective; Manual or Automated; Formal or Ad Hoc
What levels does IT Risk Management need to work on? correct answer Operational Level - Risk which affects the operation of IT systems.

Project Level - Focuses on project objective completion. Strategic Level - How well IT capability is aligned with the business strategy.
What is a CMM? correct answer Capability Maturity Model.
What would a 0 and a 5 be like according to the Capability Maturity Model? correct answer A 0 would have no capabilities and would lack governance. A 5 is a process which has achieved its purpose, is well defined, and is measured to improve performance.
What does ERM stand for? correct answer Enterprise Risk Management
What is IT Portfolio Management? correct answer Managing of IT resources by analyzing cost and benefit, risk of IT processes, and roles and organizational structure of IT processes.
What is employee bonding? correct answer A document which states an employee must work for a business for a certain amount of time.
What should salary increases and promotions be based upon? correct answer Performance
What is a chargeback scheme? correct answer Where the end user pays for services, allowing effectiveness and monitoring to be measured like in a marketplace.
Who should be responsible for managing the chargeback scheme? correct answer CFO, user management, and IS management.
What is an offsite IT function? correct answer A function performed offsite but still in the same geographic region, also called nearshore.
T/F: Performing an analysis of an organization's outsourcing policy is a potential part of an IS Auditor's role. correct answer True

What is cyclical checking? correct answer Cycles of data integrity checking of data held in a system.
What is the difference between relational integrity tests and referential integrity tests? correct answer Relational integrity tests check data values in a table, ensuring accuracy. Referential integrity tests evaluate if the relationship between two objects in different databases is correct.
What is Atomicity in data integrity checking? correct answer A transaction is either completed in its entirety or not at all.
What is Consistency in data integrity checking? correct answer Integrity conditions in the database are maintained with each transaction. Data integrity is checked throughout the table change process.
What is Isolation in data integrity checking? correct answer Each transaction is isolated from other transactions.
What is Durability in data integrity checking? correct answer If a transaction has been reported back to a user as complete, hardware or software changes to the database will not affect the previous change.
Why is generalized audit software used for determining which application tests to use? correct answer It can be more accurate and thorough than a human.
What does checking out do? correct answer Prevents or manages simultaneous code edits.
What does checking in do? correct answer Allows for new data to be moved into the controlled environment. The configuration manager will check out the item. This helps prevent simultaneous code edits, since changes need to be approved by the system architect.

What is configuration management? correct answer Process of implementing a new system/product.
While checking a short-term plan, what is most important for an IS Auditor to confirm? correct answer That IT and business personnel are working together to accomplish short-term goals.
What is governance all about? correct answer High-level personnel
Who is most responsible for IT governance? correct answer Directors
What is the first point of reference for an IS Auditor? correct answer Approved policies
To ensure policies are complying with legal requirements, what should an organization do? correct answer Have a periodic review of policy by a subject matter expert.
Who has ownership over a project? correct answer User management
Which group is most likely to accept/reject an RFP for a new system? correct answer Project Steering Committee