Question 1

Which of the following is a poor network operations center (NOC) power practice?

Accepted Answer

A)  An uninterruptable power supply is used to protect systems from outage and surges. 
B)  An uninterruptable power supply is used to protect systems from varied power voltage. 
C)  Power and network cables are run along the back of machines along the floor to keep them out of the way. 
D)  Power and network cables are bundled up to racks suspended from the ceiling to keep them clean and visible. 
A)  An uninterruptable power supply is used to protect systems from outage and surges. 
B)  An uninterruptable power supply is used to protect systems from varied power voltage. 
C)  Power and network cables are run along the back of machines along the floor to keep them out of the way. 
D)  Power and network cables are bundled up to racks suspended from the ceiling to keep them clean and visible.

Question 2

Which of these access roles would you assign a graphic designer working on updating the internal corporate data dashboard to include key financial data?

Accepted Answer

A)  Administrator 
B)  Read-only 
C)  User 
D)  Creator 
A)  Administrator 
B)  Read-only 
C)  User 
D)  Creator

Question 3

IT governance frameworks define the criteria that a company uses for which aspects of IT governance? Select all that apply.

Accepted Answer

A)  Management 
B)  Monitoring 
C)  Objections 
D)  Implementation 
A)  Management 
B)  Monitoring 
C)  Objections 
D)  Implementation

Question 4

Which of the following plans are included in business continuity planning?

Accepted Answer

A)  Crisis reaction plans indicating who leads the organization's response 
B)  Plans for essential equipment to be protected or to have alternative equipment 
C)  Return to normal procedures that prescribe how to return to normal operations 
D)  All answer choices are correct 
A)  Crisis reaction plans indicating who leads the organization's response 
B)  Plans for essential equipment to be protected or to have alternative equipment 
C)  Return to normal procedures that prescribe how to return to normal operations 
D)  All answer choices are correct

Question 5

Google and Amazon have invested in off-site data centers, but other companies, like Apple and Netflix, do not. What is another way for these companies to reduce risk?

Accepted Answer

They can reduce risk

Question 6

When a company creates a disaster recovery (DR) plan, systems and data are categorized based on importance. Explain how and why a clothing store that conducts business at a storefront and online would categorize their customer facing website, retail point-of-sale, employee database, and accounting/payroll online software system.

Accepted Answer

The company would categorize its custome

Question 7

A user access review is an important yet tedious and time-consuming process. What kind of newer technology can be implemented to automate or semi-automate the process?

Accepted Answer

A)  Analytical automation 
B)  Machine learning algorithm 
C)  User access software 
D)  Dormancy software tools 
A)  Analytical automation 
B)  Machine learning algorithm 
C)  User access software 
D)  Dormancy software tools

Question 8

Which of the following are risks to physical IT equipment and systems?

Accepted Answer

A)  A natural disaster causing damage to systems and equipment may result in a disruption of business activities and financial losses. 
B)  An unauthorized user gaining access to physical equipment may result in theft, malicious attacks, fraud, or data breaches. 
C)  Failure to maintain facilities in accordance with laws and regulations may result in fines and reputational losses. 
D)  All answer choices are correct. 
A)  A natural disaster causing damage to systems and equipment may result in a disruption of business activities and financial losses. 
B)  An unauthorized user gaining access to physical equipment may result in theft, malicious attacks, fraud, or data breaches. 
C)  Failure to maintain facilities in accordance with laws and regulations may result in fines and reputational losses. 
D)  All answer choices are correct.

Question 9

Which type of backup copies only new or updated data every time?

Accepted Answer

A)  Hot backup 
B)  Full backup 
C)  Differential backup 
D)  Incremental backup 
A)  Hot backup 
B)  Full backup 
C)  Differential backup 
D)  Incremental backup

Question 10

How does a standardized change management process decrease risk?

Accepted Answer

A)  By controlling the identification of changes to a system 
B)  By controlling the implementation of changes to a system 
C)  By ensuring that changes are reviewed appropriately before being finalized 
D)  All answer choices are correct. 
A)  By controlling the identification of changes to a system 
B)  By controlling the implementation of changes to a system 
C)  By ensuring that changes are reviewed appropriately before being finalized 
D)  All answer choices are correct.

Question 11

Which of the following COBIT 2019 management IT objectives includes topics that would help an organization define project requirements, change management guidelines, and project execution plans?

Accepted Answer

A)  Align, Plan and Organize (APO) 
B)  Build, Acquire and Implement (BAI) 
C)  Deliver, Service and Support (DSS) 
D)  Monitor, Evaluate and Assess (ME
A)  
A)  Align, Plan and Organize (APO) 
B)  Build, Acquire and Implement (BAI) 
C)  Deliver, Service and Support (DSS) 
D)  Monitor, Evaluate and Assess (ME
A)

Question 12

Wade is tasked with evaluating and recommending improvements to the project management framework for his accounting firm. Which COBIT domain should he reference?

Accepted Answer

A)  Align, Plan and Organize (APO) 
B)  Build, Acquire and Implement (BAI) 
C)  Deliver, Service and Support (DSS) 
D)  Monitor, Evaluate, and Assess (ME
A)  
A)  Align, Plan and Organize (APO) 
B)  Build, Acquire and Implement (BAI) 
C)  Deliver, Service and Support (DSS) 
D)  Monitor, Evaluate, and Assess (ME
A)

Question 13

Enoch developed code in response to a request ticket submitted by Cody. Enoch tested his code in the sandbox and is ready for Cody to test the code to see if it meets his requirements. In what environment will Cody test the new code?

Accepted Answer

A)  Test environment 
B)  Model environment 
C)  Production environment 
D)  Live environment 
A)  Test environment 
B)  Model environment 
C)  Production environment 
D)  Live environment

Question 14

Which control activity related to physical security is managed by the data center manager?

Accepted Answer

A)  Eating and drinking is prohibited where IT equipment is stored. 
B)  Policies and procedures for maintaining physical equipment are documented. 
C)  Access to buildings is justified, authorized, logged, and monitored. 
D)  Inappropriate access to IT equipment is immediately revoked. 
A)  Eating and drinking is prohibited where IT equipment is stored. 
B)  Policies and procedures for maintaining physical equipment are documented. 
C)  Access to buildings is justified, authorized, logged, and monitored. 
D)  Inappropriate access to IT equipment is immediately revoked.

Question 15

Which statement about Information Technology (IT) is FALSE?

Accepted Answer

A)  IT includes the technology and processes involved with technology. 
B)  IT is concerned with both hardware and software. 
C)  IT includes controls for facility power and utilities. 
D)  IT includes systems for the processing and distribution of data. 
A)  IT includes the technology and processes involved with technology. 
B)  IT is concerned with both hardware and software. 
C)  IT includes controls for facility power and utilities. 
D)  IT includes systems for the processing and distribution of data.

Question 16

New users to a system are granted access through what formal process?

Accepted Answer

A)  User access provisioning 
B)  User authentication 
C)  User role assignment 
D)  User validation 
A)  User access provisioning 
B)  User authentication 
C)  User role assignment 
D)  User validation

Question 17

Which statement about user access provisioning request tickets is TRUE?

Accepted Answer

A)  Request tickets require the employee to explain why they need access to the system. 
B)  Request tickets require the user's direct supervisor's information. 
C)  Managers and system owners must review the request tickets. 
D)  All of these statements are true. 
A)  Request tickets require the employee to explain why they need access to the system. 
B)  Request tickets require the user's direct supervisor's information. 
C)  Managers and system owners must review the request tickets. 
D)  All of these statements are true.

Question 18

Disaster recovery planning involves categorizing systems and data based on importance to the business. Which of the following types of systems going down could have a detrimental impact on a business and should have a restoration plan that minimizes downtime to a few hours or less?

Accepted Answer

A)  Retail point of sale system 
B)  Employee benefits system 
C)  Customer service management system 
D)  Payroll system 
A)  Retail point of sale system 
B)  Employee benefits system 
C)  Customer service management system 
D)  Payroll system

Question 19

Which type of backup strategy copies all data created since the most recent full backup in its entirety every time?

Accepted Answer

A)  Hot backup 
B)  Full backup 
C)  Differential backup 
D)  Incremental backup 
A)  Hot backup 
B)  Full backup 
C)  Differential backup 
D)  Incremental backup

Question 20

How does a test environment reduce risk by ensuring that a developer does not make rogue changes to the production system?

Accepted Answer

The test environment where developers wr

Which of the following is a poor network operations center (NOC) power practice?

Which of these access roles would you assign a graphic designer working on updating the internal corporate data dashboard to include key financial data?

IT governance frameworks define the criteria that a company uses for which aspects of IT governance? Select all that apply.

Which of the following plans are included in business continuity planning?

Google and Amazon have invested in off-site data centers, but other companies, like Apple and Netflix, do not. What is another way for these companies to reduce risk?

A user access review is an important yet tedious and time-consuming process. What kind of newer technology can be implemented to automate or semi-automate the process?

Which of the following are risks to physical IT equipment and systems?

Which type of backup copies only new or updated data every time?

How does a standardized change management process decrease risk?

Which of the following COBIT 2019 management IT objectives includes topics that would help an organization define project requirements, change management guidelines, and project execution plans?

Wade is tasked with evaluating and recommending improvements to the project management framework for his accounting firm. Which COBIT domain should he reference?

Enoch developed code in response to a request ticket submitted by Cody. Enoch tested his code in the sandbox and is ready for Cody to test the code to see if it meets his requirements. In what environment will Cody test the new code?

Which control activity related to physical security is managed by the data center manager?

Which statement about Information Technology (IT) is FALSE?

New users to a system are granted access through what formal process?

Which statement about user access provisioning request tickets is TRUE?

Disaster recovery planning involves categorizing systems and data based on importance to the business. Which of the following types of systems going down could have a detrimental impact on a business and should have a restoration plan that minimizes downtime to a few hours or less?

Which type of backup strategy copies all data created since the most recent full backup in its entirety every time?

How does a test environment reduce risk by ensuring that a developer does not make rogue changes to the production system?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Fraud

Cybersecurity

Data Analytics

Data Visualization

Audit Assurance

Filters

Exam 14: Information Systems and Controls

Which of the following is a poor network operations center (NOC) power practice?

Which of these access roles would you assign a graphic designer working on updating the internal corporate data dashboard to include key financial data?

IT governance frameworks define the criteria that a company uses for which aspects of IT governance? Select all that apply.

Which of the following plans are included in business continuity planning?

Google and Amazon have invested in off-site data centers, but other companies, like Apple and Netflix, do not. What is another way for these companies to reduce risk?

A user access review is an important yet tedious and time-consuming process. What kind of newer technology can be implemented to automate or semi-automate the process?

Which of the following are risks to physical IT equipment and systems?

Which type of backup copies only new or updated data every time?

How does a standardized change management process decrease risk?

Which of the following COBIT 2019 management IT objectives includes topics that would help an organization define project requirements, change management guidelines, and project execution plans?

Wade is tasked with evaluating and recommending improvements to the project management framework for his accounting firm. Which COBIT domain should he reference?

Enoch developed code in response to a request ticket submitted by Cody. Enoch tested his code in the sandbox and is ready for Cody to test the code to see if it meets his requirements. In what environment will Cody test the new code?

Which control activity related to physical security is managed by the data center manager?

Which statement about Information Technology (IT) is FALSE?

New users to a system are granted access through what formal process?

Which statement about user access provisioning request tickets is TRUE?

Disaster recovery planning involves categorizing systems and data based on importance to the business. Which of the following types of systems going down could have a detrimental impact on a business and should have a restoration plan that minimizes downtime to a few hours or less?

Which type of backup strategy copies all data created since the most recent full backup in its entirety every time?

How does a test environment reduce risk by ensuring that a developer does not make rogue changes to the production system?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Fraud

Cybersecurity

Data Analytics

Data Visualization

Audit Assurance

Filters