1. Following the principles and enablers of COBIT will enable organizations to better:

A. apply the systems development life cycle. B. address all elements of the C-I-A triad. C. focus on technical controls, since they are generally more important than physical and administrative controls. D. ensure that they address all categories of Brown's risk taxonomy.

2. Well-known enterprise resource planning systems include: (i) Oracle's PeopleSoft, (ii) SAP, (iii) Microsoft Excel.

A. I and II only B. I and III only C. II and III only D. I, II and III

8. According to COBIT 5, an organization's information technology governance and management should meet stakeholder needs. Which of the following best pairs a stakeholder with an information need?

A. vice president of finance, interest rates on newly acquired debt B. human resources manager, cost of conducting a new employee search C. Both vice president of finance, interest rates on newly acquired debt and human resources manager, cost of conducting a new employee search D. Neither vice president of finance, interest rates on newly acquired debt nor human resources manager, cost of conducting a new employee search

10. XBRL provides ___ for a company's financial information.

A. Context B. GAAP C. Both context and GAAP D. Neither context nor GAAP

11. A firewall is an example of which type of control?

A. Physical security B. Technical security C. Administrative security D. Enterprise security

12. STC Corporation's enterprise resource planning system contains a cash payments table, a cash receipts table and a cash table. The cash payments table is most likely to be part of which ERP module?

A. CRM B. HRM C. SCM D. Financial management

18. Consider the following examples of computer crime as you answer the question: i. Social Security numbers are stolen from a company's database. ii. A fraudster uses a computer to identify people over the age of 80 with annual incomes of $250,000 or more. iii. An employee receives threats from a co-worker via e-mail. iv. An unhappy customer launches a denial-of-service attack. Carter's taxonomy of computer crime comprises four categories. Which of the following statements is most true?

A. The list includes examples of all four categories. B. The list includes examples of all categories except associated. C. The list includes examples of all categories except target. D. The list includes examples of all categories except incidental.

19. STC Corporation's enterprise resource planning system contains a cash payments table, a cash receipts table and a cash table. Foreign keys in the cash payments table would include: (i) vendor ID, (ii) account number, (iii) cash payment date.

A. I and II only B. I and III only C. II and III only D. I, II and III