CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the organizations' business objectives by determining if IS:
A) has all the personnel and equipment it needs.
B) plans are consistent with management strategy.
C) uses its equipment and personnel efficiently and effectively.
D) has sufficient excess capacity to respond to changing directions.
2. In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A) Optimized
B) Managed
C) Defined
D) Repeatable
3. To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
A) control self-assessments.
B) a business impact analysis.
C) an IT balanced scorecard.
D) business process reengineering.
4. When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A) incorporates state of the art technology.
B) addresses the required operational controls.
C) articulates the IT mission and vision.
D) specifies project management practices.
5. When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
A) establishment of a review board.
B) creation of a security unit.
C) effective support of an executive sponsor.
D) selection of a security process owner.
A) has all the personnel and equipment it needs.
B) plans are consistent with management strategy.
C) uses its equipment and personnel efficiently and effectively.
D) has sufficient excess capacity to respond to changing directions.
2. In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A) Optimized
B) Managed
C) Defined
D) Repeatable
3. To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
A) control self-assessments.
B) a business impact analysis.
C) an IT balanced scorecard.
D) business process reengineering.
4. When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A) incorporates state of the art technology.
B) addresses the required operational controls.
C) articulates the IT mission and vision.
D) specifies project management practices.
5. When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
A) establishment of a review board.
B) creation of a security unit.
C) effective support of an executive sponsor.
D) selection of a security process owner.
1. Right Answer: B
Explanation: Determining if the IS plan is consistent with management strategy relates IS/IT planning to business plans. Choices A, C and D are effective methods for determining the alignment of IS plans with business objectives and the organization's strategies.
2. Right Answer: B
Explanation: Boards of directors and executive management can use the information security governance maturity model to establish rankings for security in their organizations. The ranks are nonexistent, initial, repeatable, defined, managed and optimized. When the responsibilities for IT security in an organization are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed, it is said to be 'managed and measurable.'
3. Right Answer: C
Explanation: An IT balanced scorecard (BSC) provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. Control self- assessment (CSA), business impact analysis (BIA) and business process reengineering (BPR) are insufficient to align IT with organizational objectives.
4. Right Answer: C
Explanation: The IT strategic plan must include a clear articulation of the IT mission and vision. The plan need not address the technology, operational controls or project management practices.
5. Right Answer: C
Explanation: The executive sponsor would be in charge of supporting the organization's strategic security program, and would aid in directing the organization's overall security management activities. Therefore, support by the executive level of management is the most critical success factor (CSF). None of the other choices are effective without visible sponsorship of top management.
Explanation: Determining if the IS plan is consistent with management strategy relates IS/IT planning to business plans. Choices A, C and D are effective methods for determining the alignment of IS plans with business objectives and the organization's strategies.
2. Right Answer: B
Explanation: Boards of directors and executive management can use the information security governance maturity model to establish rankings for security in their organizations. The ranks are nonexistent, initial, repeatable, defined, managed and optimized. When the responsibilities for IT security in an organization are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed, it is said to be 'managed and measurable.'
3. Right Answer: C
Explanation: An IT balanced scorecard (BSC) provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. Control self- assessment (CSA), business impact analysis (BIA) and business process reengineering (BPR) are insufficient to align IT with organizational objectives.
4. Right Answer: C
Explanation: The IT strategic plan must include a clear articulation of the IT mission and vision. The plan need not address the technology, operational controls or project management practices.
5. Right Answer: C
Explanation: The executive sponsor would be in charge of supporting the organization's strategic security program, and would aid in directing the organization's overall security management activities. Therefore, support by the executive level of management is the most critical success factor (CSF). None of the other choices are effective without visible sponsorship of top management.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
