training mcq Flashcards

(50 cards)

1
Q
  1. Which COBIT domain focuses on the execution of IT applications and support processes? a) Plan and Organize b) Acquire and Implement c) Deliver and Support d) Monitor and Evaluate
A

c) Deliver and Support

2
Q
  2. COBIT 5 is primarily categorized under which framework type? a) Architectures b) IT Service Management c) Governance d) HR Management
A

c) Governance

3
Q
  3. What does the COBIT principle “Meeting Stakeholder Needs” emphasize? a) Defines relationship between Governance and Management b) Translates stakeholder requirements into strategy c) Provides a simple architecture d) Aligns with latest governance views
A

b) Translates stakeholder requirements into strategy

4
Q
  4. Which COBIT resource category includes skill sets, certifications, and morale? a) Products b) People c) Partners d) Processes
A

b) People

5
Q
  5. What is the main focus of IT governance? a) IT executive compensation b) IT policy c) Security policy d) IT strategy
A

d) IT strategy

6
Q
  6. Which COBIT domain addresses the development of a maintenance plan for IT systems? a) Acquire and Implement b) Deliver and Support c) Monitor and Evaluate d) Plan and Organize
A

a) Acquire and Implement

7
Q
  7. Which of the following is NOT a general IT control? a) IT governance b) Business continuity and backup procedures c) Application-specific input controls d) Change management
A

c) Application-specific input controls

8
Q
  8. What is the primary purpose of substantive testing in IT audits? a) To assess control design only b) To substantiate audit assertions through detailed testing c) To perform walkthroughs d) To conduct interviews only
A

b) To substantiate audit assertions through detailed testing

9
Q
  9. Which COBIT principle is based on a holistic approach to enterprise IT governance? a) Stakeholder Value-driven b) Governance and Management c) Enabler Based d) All of the above
A

d) All of the above

10
Q
  10. What is the key difference between policies and principles according to COBIT 5? a) Principles provide detailed controls b) Policies express core values and provide detailed guidance c) Policies are designed to achieve stated purpose d) Principles provide regulatory requirements
A

c) Policies are designed to achieve stated purpose

11
Q
  11. COSO framework primarily focuses on: a) IT governance b) Enterprise risk management and internal control c) Disaster recovery d) IT service management
A

b) Enterprise risk management and internal control

12
Q
  12. Which COBIT domain includes monitoring IT performance and compliance? a) Plan and Organize b) Acquire and Implement c) Deliver and Support d) Monitor and Evaluate
A

d) Monitor and Evaluate

13
Q
  13. Which COSO component is critical for risk assessment? a) Control environment b) Risk assessment c) Control activities d) Information and communication
A

b) Risk assessment

14
Q
  14. COBIT’s “Plan and Organize” domain primarily deals with: a) IT strategy and tactics b) IT operations c) IT service delivery d) IT performance monitoring
A

a) IT strategy and tactics

15
Q
  15. Which of the following is a key enabler in COBIT? a) Processes b) Organizational structures c) Culture, ethics, and behavior d) All of the above
A

d) All of the above

16
Q
  16. What is the primary objective of a Business Continuity Plan (BCP)? a) To eliminate all cyber threats b) To ensure uninterrupted availability of key business resources c) To promote unrestricted data sharing d) To recover data only
A

b) To ensure uninterrupted availability of key business resources

17
Q
  17. What is a Business Impact Analysis (BIA)? a) A process to eliminate vulnerabilities b) A process to identify events that could affect business continuity and their impact c) A method to test disaster recovery sites d) A financial audit process
A

b) A process to identify events that could affect business continuity and their impact

18
Q
  18. The critical recovery time period in BCP is: a) The time to complete the recovery b) The window within which processing must resume to avoid significant loss c) The time to notify stakeholders d) The time to backup data
A

b) The window within which processing must resume to avoid significant loss

19
Q
  19. Which of the following costs are associated with IT outages? a) Lost transaction revenue b) Marketing costs c) Brand damage d) All of the above
A

d) All of the above

20
Q
  20. What is the first step in developing a Business Continuity Plan? a) Testing the plan b) Identifying business requirements c) Implementing recovery strategies d) Conducting risk assessment
A

b) Identifying business requirements

21
Q
  21. Which is NOT a traditional phase in preparing a BCP? a) Business Impact Analysis b) Quantitative Risk Analysis c) Project Management and Initiation d) Disaster Recovery Testing
A

b) Quantitative Risk Analysis

22
Q
  22. What is the focus of a Disaster Recovery Plan (DRP)? a) Recovery of damaged facilities and IT components to normal operations b) Crisis communication c) Employee evacuation d) Financial reporting
A

a) Recovery of damaged facilities and IT components to normal operations

23
Q
  23. What is the most critical factor in developing a DRP? a) Annual testing b) Management support c) Business impact analysis d) Participation from every department
A

c) Business impact analysis

24
Q
  24. Which type of test involves representatives from each department walking through the disaster recovery plan collectively? a) Structured walk-through test b) Simulation test c) Parallel test d) Full interruption test
A

a) Structured walk-through test

25
25. What does a typical risk ranking system include? a) Critical, Vital, Non-critical b) High, Medium, Low c) Urgent, Important, Optional d) None of the above
b) High, Medium, Low
26
26. What factors influence the selection of a recovery strategy? a) Criticality of business process b) Cost and security c) Time required to recover d) All of the above
d) All of the above
27
27. What is the purpose of testing and maintaining a BCP? a) To ensure the plan remains effective and up to date b) To eliminate all risks c) To avoid audits d) To reduce insurance premiums
a) To ensure the plan remains effective and up to date
28
28. Which of the following is NOT a component of a BCP? a) Business Impact Analysis b) Risk assessment c) Marketing plan d) Recovery strategies
c) Marketing plan
29
29. Which regulatory act requires organizations to have disaster recovery and business continuity plans? a) Sarbanes-Oxley Act b) HIPAA c) PCI DSS d) All of the above
d) All of the above
30
30. What is the typical planned performance duration for a continuity of operations plan (COOP)? a) 30 days b) 60 days c) 90 days d) Depends on disaster severity
d) Depends on disaster severity
31
31. What is the main purpose of monitoring in IT governance? a) To implement IT policies b) To ensure compliance and performance measurement c) To develop IT strategy d) To manage IT budgets
b) To ensure compliance and performance measurement
32
32. Which of the following is a key factor in IT acquisition? a) Vendor selection and contract management b) Employee training only c) Marketing strategy d) None of the above
a) Vendor selection and contract management
33
33. What is the role of security in IS planning? a) To protect information assets from threats b) To increase IT costs c) To reduce employee productivity d) To delay project execution
a) To protect information assets from threats
34
34. What type of control is concerned with physical and environmental safeguards? a) Application controls b) General IT controls c) Logical access controls d) Network controls
b) General IT controls
35
35. In IT audit, what technique involves following a transaction through the system to verify controls? a) Data analysis b) Walkthrough c) Sampling d) Interviewing
b) Walkthrough
36
36. What is a key benefit of COBIT framework adoption? a) Improved IT governance and alignment with business goals b) Increased IT complexity c) Reduced stakeholder involvement d) None of the above
a) Improved IT governance and alignment with business goals
37
37. Which of the following is NOT a COBIT domain? a) Plan and Organize b) Acquire and Implement c) Deliver and Support d) Risk and Compliance Management
d) Risk and Compliance Management
38
38. What is the purpose of IT acquisition controls? a) To ensure that IT solutions meet business needs and comply with policies b) To delay project delivery c) To increase costs d) To reduce IT staff involvement
a) To ensure that IT solutions meet business needs and comply with policies
39
39. What is the primary goal of IT monitoring? a) To track IT performance and compliance with policies b) To reduce IT staff c) To increase IT spending d) To delay decision making
a) To track IT performance and compliance with policies
40
40. Which of the following is a key element of security management in IS planning? a) Risk assessment b) Marketing plans c) Financial audits d) Vendor contracts
a) Risk assessment
41
41. What is the difference between BCP and DRP? a) BCP focuses on maintaining business functions; DRP focuses on IT recovery b) BCP is for IT only; DRP is for business only c) Both are the same d) DRP is broader than BCP
a) BCP focuses on maintaining business functions; DRP focuses on IT recovery
42
42. What is the role of internal auditors in BCP/DRP compliance? a) To test and ensure plans meet compliance requirements b) To develop the BCP c) To manage IT operations d) To write marketing materials
a) To test and ensure plans meet compliance requirements
43
43. Which of the following is a key step in BCP maintenance? a) Regular testing and updates b) Ignoring changes in business environment c) Avoiding training d) Reducing documentation
a) Regular testing and updates
44
44. What is a recovery time objective (RTO)? a) The maximum tolerable downtime for a business process b) The time to notify management c) The time to backup data d) The time to hire new staff
a) The maximum tolerable downtime for a business process
45
45. What is a recovery point objective (RPO)? a) The maximum tolerable data loss measured in time b) The time to recover hardware c) The time to restore power d) The time to complete testing
a) The maximum tolerable data loss measured in time
46
46. Which of the following is NOT a type of disaster recovery test? a) Structured walk-through b) Simulation test c) Parallel test d) Marketing test
d) Marketing test
47
47. What is the key advantage of having geographically diverse disaster recovery sites? a) Increased resilience and business expansion options b) Increased costs only c) Reduced security d) None of the above
a) Increased resilience and business expansion options
Ramesh Pudi, CISA&CIA Senior Administrative Officer/CDMA
48
48. What is the main focus of COSO’s internal control framework? a) Achieving effective and efficient operations, reliable financial reporting, and compliance with laws b) IT service management c) Marketing strategy d) Human resources management
a) Achieving effective and efficient operations, reliable financial reporting, and compliance with laws
49
49. What is the primary purpose of control activities in COSO? a) To ensure management directives are carried out b) To develop IT strategy c) To reduce costs d) To increase sales
a) To ensure management directives are carried out
50
49. What is the primary purpose of control activities in COSO? a) To ensure management directives are carried out b) To develop IT strategy c) To reduce costs d) To increase sales
a) Access control mechanism