CISA Domain 2: Governance and Management of IT
25 Questions

1. The Big Data Company is adjusting several position titles in its IT department to reflect industry standards. Included in the consideration are two individuals: The first is responsible for the overall relationships and data flows among the company’s internal and external information systems. The second is responsible for the overall health and management of systems containing information. Which two job titles are most appropriate for these two roles?
2. The best person or group to make risk treatment decisions is:
3. In a U.S. public company, a CIO will generally report the state of the organization’s IT function to:
4. An organization needs to hire an executive who will build a management program that considers threats and vulnerabilities. The best job title for this position is:
5. The ultimate responsibility for an organization’s cybersecurity program lies with:
6. What is the best approach to developing security controls in a new organization?
7. Two similar-sized organizations are merging. Paul will be the CIO of the new, combined organization. What is the greatest risk that may occur as a result of the merger?
8. Carole is a CISO in a new organization with a fledgling security program. Carole needs to identify and develop mechanisms to ensure desired outcomes in selected business processes. What is a common term used to define these mechanisms?
9. Key metrics showing the effectiveness of a risk management program would not include:
10. Which of the following statements is the best description for the purpose of performing risk management?
11. The scope of requirements of PCI-DSS is:
12. Which is the best party to make decisions about the configuration and function of business applications?
13. Which of the following would constitute an appropriate use of the Zachman enterprise framework?
14. The PCI-DSS is an example of:
15. The metric “percentage of systems with completed installation of advanced anti-malware” is best described as:
16. Which of the following is the best description of the COBIT framework?
17. The statement “Complete migration of flagship system to latest version of vendor-supplied software” is an example of:
18. In a typical risk management process, the best person(s) to make a risk treatment decision is:
19. One distinct disadvantage of the ISO 27001 standard is:
20. What are three factors that a risk manager might consider when developing an information security strategy?
21. What is the primary distinction between a network engineer and a telecom engineer?
22. The purpose of value delivery metrics is:
23. Jacqueline, an experienced CISO, is reading the findings in a recent risk assessment that describes deficiencies in the organization’s vulnerability management process. How would Jacqueline use the Business Model for Information Security (BMIS) to analyze the deficiency?
24. What is the best method for ensuring that an organization’s IT department achieves adequate business alignment?
25. Which of the following statements is true about controls in the Payment Card Industry Data Security Standard?