CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:
A) enterprise data model.
B) IT balanced scorecard (BSC).
C) IT organizational structure.
D) historical financial statements.
2. Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
A) Senior management is aware of critical information assets and demonstrates an adequate concern for their protection.
B) Job descriptions contain clear statements of accountability for information security.
C) In accordance with the degree of risk and business impact, there is adequate funding for security efforts.
D) No actual incidents have occurred that have caused a loss or a public embarrassment.
3. Which of the following is a risk of cross-training?
A) Increases the dependence on one employee
B) Does not assist in succession planning
C) One employee may know all parts of a system
D) Does not help in achieving a continuity of operations
4. Which of the following is normally a responsibility of the chief security officer (CSO)?
A) Periodically reviewing and evaluating the security policy
B) Executing user application and software testing and evaluation
C) Granting and revoking user access to IT resources
D) Approving access to data and applications
5. To support an organization's goals, an IS department should have:
A) a low-cost philosophy.
B) long- and short-range plans.
C) leading-edge technology.
D) plans to acquire new hardware and software.
A) enterprise data model.
B) IT balanced scorecard (BSC).
C) IT organizational structure.
D) historical financial statements.
2. Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
A) Senior management is aware of critical information assets and demonstrates an adequate concern for their protection.
B) Job descriptions contain clear statements of accountability for information security.
C) In accordance with the degree of risk and business impact, there is adequate funding for security efforts.
D) No actual incidents have occurred that have caused a loss or a public embarrassment.
3. Which of the following is a risk of cross-training?
A) Increases the dependence on one employee
B) Does not assist in succession planning
C) One employee may know all parts of a system
D) Does not help in achieving a continuity of operations
4. Which of the following is normally a responsibility of the chief security officer (CSO)?
A) Periodically reviewing and evaluating the security policy
B) Executing user application and software testing and evaluation
C) Granting and revoking user access to IT resources
D) Approving access to data and applications
5. To support an organization's goals, an IS department should have:
A) a low-cost philosophy.
B) long- and short-range plans.
C) leading-edge technology.
D) plans to acquire new hardware and software.
1. Right Answer: B
Explanation: The IT balanced scorecard (BSC) is a tool that provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. An enterprise data model is a document defining the data structure of an organization and how data interrelate. It is useful, but it does not provide information on investments. The IT organizational structure provides an overview of the functional and reporting relationships in an IT entity. Historical financial statements do not provide information about planning and lack sufficient detail to enable one to fully understand management's activities regarding IT assets. Past costs do not necessarily reflect value, and assets such as data are not represented on the books of accounts.
2. Right Answer: B
Explanation: Inclusion in job descriptions of security responsibilities is a form of security training and helps ensure that staff and management are aware of their roles with respect to information security. The other three choices are not criterion for evaluating security awareness training. Awareness is a criterion for evaluating the importance that senior management attaches to information assets and their protection. Funding is a criterion that aids in evaluating whether security vulnerabilities are being addressed, while the number of incidents that have occurred is a criterion for evaluating the adequacy of the risk management program.
3. Right Answer: C
Explanation: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.
4. Right Answer: A
Explanation: The role of a chief security officer (CSO) is to ensure that the corporate security policy and controls are adequate to prevent unauthorized access to the company assets, including data, programs and equipment. User application and other software testing and evaluation normally are the responsibility of the staff assigned to development and maintenance. Granting and revoking access to IT resources is usually a function of network or database administrators. Approval of access to data and applications is the duty of the data owner.
5. Right Answer: B
Explanation: To ensure its contribution to the realization of an organization's overall goals, the IS department should have long- and short-range plans that are consistent with the organization's broader plans for attaining its goals. Choices A and C are objectives, and plans would be needed to delineate how each of the objectives would be achieved. Choice D could be a part of the overall plan but would be required only if hardware or software is needed to achieve the organizational goals.
Explanation: The IT balanced scorecard (BSC) is a tool that provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. An enterprise data model is a document defining the data structure of an organization and how data interrelate. It is useful, but it does not provide information on investments. The IT organizational structure provides an overview of the functional and reporting relationships in an IT entity. Historical financial statements do not provide information about planning and lack sufficient detail to enable one to fully understand management's activities regarding IT assets. Past costs do not necessarily reflect value, and assets such as data are not represented on the books of accounts.
2. Right Answer: B
Explanation: Inclusion in job descriptions of security responsibilities is a form of security training and helps ensure that staff and management are aware of their roles with respect to information security. The other three choices are not criterion for evaluating security awareness training. Awareness is a criterion for evaluating the importance that senior management attaches to information assets and their protection. Funding is a criterion that aids in evaluating whether security vulnerabilities are being addressed, while the number of incidents that have occurred is a criterion for evaluating the adequacy of the risk management program.
3. Right Answer: C
Explanation: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.
4. Right Answer: A
Explanation: The role of a chief security officer (CSO) is to ensure that the corporate security policy and controls are adequate to prevent unauthorized access to the company assets, including data, programs and equipment. User application and other software testing and evaluation normally are the responsibility of the staff assigned to development and maintenance. Granting and revoking access to IT resources is usually a function of network or database administrators. Approval of access to data and applications is the duty of the data owner.
5. Right Answer: B
Explanation: To ensure its contribution to the realization of an organization's overall goals, the IS department should have long- and short-range plans that are consistent with the organization's broader plans for attaining its goals. Choices A and C are objectives, and plans would be needed to delineate how each of the objectives would be achieved. Choice D could be a part of the overall plan but would be required only if hardware or software is needed to achieve the organizational goals.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
