GFACT CERTIFICATION FINAL TEST 2026
QUESTIONS WITH CORRECT ANSWERS
GRADED A+
◍ What is the primary objective of IT governance?.
Answer: Align IT strategy with business strategy
◍ What determines the depth and breadth of an audit?.
Answer: Audit scope
◍ CVSS (Common Vulnerability Scoring System).
Answer: The overall score assigned to a vulnerability. You must use the
NVD to find assigned CVSS scores. Assigning a numeric score to a
vulnerability (much like a trouble ticket system). You must use NVD to find
the assigned CVSS scores.
◍ Warmsite.
Answer: An environmentally conditioned workspace that is partially
equipped with information systems and telecommunications equipment to
support relocated operations in the event of a significant disruption.
◍ Demilitarized Zone (DMZ)/ Perimeter network.
Answer: Used to improve the security of an organizations network by
segregating devices, such as computers and server, on the opposite sides of a
firewall. (web server/email servers)
◍ Infrastructure.
Answer: Includes the physical or logical communication structures such as
IP or e-mail addresses, domain names, and others, employed by an
adversary to deliver a capability.
◍ A managed Switch.
, Answer: You can remote into and configure the switch
◍ What is the purpose of risk management in IT governance?.
Answer: Identify, assess, and mitigate IT-related risks
◍ Digital Transformation Process.
Answer: The integration of digital technologies into all areas of a business to
fundamentally change operations and deliver value.
◍ Corrective Controls.
Answer: controls that identify and correct problems as well as correct and
recover from the resulting errors. Ex: disciplinary action, report filing,
software patches or modifications, and new policies.
◍ What is an operational audit?.
Answer: Evaluating efficiency and effectiveness of operations
◍ Business Capacity Management (BCM).
Answer: The process of ensuring IT capacity aligns with current and future
business requirements.
◍ What metrics measure IT performance?.
Answer: ROI and ROTI
◍ What ensures IT operations follow laws and regulations?.
Answer: Compliance management
◍ Important Information.
Answer: Know to turn off ports not used!
◍ Nonrepudiation.
Answer: Ensures individuals cannot deny an action because a system
provides proof of the action.
◍ What score is required to pass the CISA exam?.
Answer: 450 on a scale of 200-800
◍ NVD (the National Vulnerability Database).
Answer: A database, maintained by NIST, that is fully synchronized with
, the CVE list.
◍ Victim.
Answer: A target against whom attacks are initiated, vulnerabilities are
exploited, or capabilities are used. It can be organizations, people, or assets,
such as target email or IP addresses, domains, and so on.wep
◍ How many domains are in the CISA exam?.
Answer: Five
◍ Network-Based Intrusion Prevention System (NIPS).
Answer: NIPS is usually situated between the network and the edge firewall.
◍ What framework is commonly used for IT governance?.
Answer: COBIT
◍ What is ITIL used for?.
Answer: IT service management (ITSM) and best practices
◍ Mobile Content Management (MCM).
Answer: Helps IT admins distribute content to authorized people in an easy
and secure way.
◍ What is continuous auditing?.
Answer: Using automated tools for ongoing control evaluation
◍ Service Capacity Management (SCM).
Answer: The monitoring and management of individual IT service
performance to ensure SLA compliance.
◍ What are CAATs?.
Answer: Computer-Assisted Audit Techniques used to analyze electronic
data
◍ What is an integrated audit?.
Answer: Combines financial, operational, and IT audits
◍ Business Impact Analysis (BIA).
Answer: A process that identifies critical business functions and quantifies
QUESTIONS WITH CORRECT ANSWERS
GRADED A+
◍ What is the primary objective of IT governance?.
Answer: Align IT strategy with business strategy
◍ What determines the depth and breadth of an audit?.
Answer: Audit scope
◍ CVSS (Common Vulnerability Scoring System).
Answer: The overall score assigned to a vulnerability. You must use the
NVD to find assigned CVSS scores. Assigning a numeric score to a
vulnerability (much like a trouble ticket system). You must use NVD to find
the assigned CVSS scores.
◍ Warmsite.
Answer: An environmentally conditioned workspace that is partially
equipped with information systems and telecommunications equipment to
support relocated operations in the event of a significant disruption.
◍ Demilitarized Zone (DMZ)/ Perimeter network.
Answer: Used to improve the security of an organizations network by
segregating devices, such as computers and server, on the opposite sides of a
firewall. (web server/email servers)
◍ Infrastructure.
Answer: Includes the physical or logical communication structures such as
IP or e-mail addresses, domain names, and others, employed by an
adversary to deliver a capability.
◍ A managed Switch.
, Answer: You can remote into and configure the switch
◍ What is the purpose of risk management in IT governance?.
Answer: Identify, assess, and mitigate IT-related risks
◍ Digital Transformation Process.
Answer: The integration of digital technologies into all areas of a business to
fundamentally change operations and deliver value.
◍ Corrective Controls.
Answer: controls that identify and correct problems as well as correct and
recover from the resulting errors. Ex: disciplinary action, report filing,
software patches or modifications, and new policies.
◍ What is an operational audit?.
Answer: Evaluating efficiency and effectiveness of operations
◍ Business Capacity Management (BCM).
Answer: The process of ensuring IT capacity aligns with current and future
business requirements.
◍ What metrics measure IT performance?.
Answer: ROI and ROTI
◍ What ensures IT operations follow laws and regulations?.
Answer: Compliance management
◍ Important Information.
Answer: Know to turn off ports not used!
◍ Nonrepudiation.
Answer: Ensures individuals cannot deny an action because a system
provides proof of the action.
◍ What score is required to pass the CISA exam?.
Answer: 450 on a scale of 200-800
◍ NVD (the National Vulnerability Database).
Answer: A database, maintained by NIST, that is fully synchronized with
, the CVE list.
◍ Victim.
Answer: A target against whom attacks are initiated, vulnerabilities are
exploited, or capabilities are used. It can be organizations, people, or assets,
such as target email or IP addresses, domains, and so on.wep
◍ How many domains are in the CISA exam?.
Answer: Five
◍ Network-Based Intrusion Prevention System (NIPS).
Answer: NIPS is usually situated between the network and the edge firewall.
◍ What framework is commonly used for IT governance?.
Answer: COBIT
◍ What is ITIL used for?.
Answer: IT service management (ITSM) and best practices
◍ Mobile Content Management (MCM).
Answer: Helps IT admins distribute content to authorized people in an easy
and secure way.
◍ What is continuous auditing?.
Answer: Using automated tools for ongoing control evaluation
◍ Service Capacity Management (SCM).
Answer: The monitoring and management of individual IT service
performance to ensure SLA compliance.
◍ What are CAATs?.
Answer: Computer-Assisted Audit Techniques used to analyze electronic
data
◍ What is an integrated audit?.
Answer: Combines financial, operational, and IT audits
◍ Business Impact Analysis (BIA).
Answer: A process that identifies critical business functions and quantifies
