CS Quiz, Due in 1 hour.....Need A+ grade

profileEs-d

Question 13

Of the following frameworks available from ISACA, which one governs IT investments?

[removed]

 

COBIT

[removed]

 

Val IT

[removed]

 

Risk IT

[removed]

 

IT Assurance Framework

 

Question 14

Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs. Which one of the following is a tradeoff?

[removed]

 

Operational impact

[removed]

 

Security impact

[removed]

 

User impact

[removed]

 

Policy impact

 

 

Question 15

Applying controls to a system helps eliminate or reduce the risks. In many cases, the goal is not to eliminate the risk but to reduce the risk to an acceptable level.  Why? Applying controls is a direct result of the risk assessment process combined with an analysis of ___________.

[removed]

 

the benefits

[removed]

 

management

[removed]

 

the tradeoffs

[removed]

 

resources

 

Question 16

The governing process for managing risks and opportunities is the definition of:

[removed]

 

NIST Internal Reports (NISTIR)

[removed]

 

Consensus Audit Guidelines (CAG)

[removed]

 

Generally Accepted Privacy Principles (GAPP)

[removed]

 

Enterprise risk management (ERM)

 

Question 17

Analyzing potential threats requires the identification of all possible threats first. This is called 
__________.

[removed]

 

threat identification

[removed]

 

policy identification

[removed]

 

risk identification

[removed]

 

risk analysis

 

Question 18

During an IT audit, which of the following administrative safeguards needs to be tested and validated?

[removed]

 

Assignment of responsibilities

[removed]

 

Maintenance procedures

[removed]

 

Rotation of duties

[removed]

 

All of the above

 

Question 19

When performing a security assessment, using a framework such as NIST 800-15, which is generally the first step?

[removed]

 

Target identification

[removed]

 

Document review

[removed]

 

Target analysis

[removed]

 

Exploit and validate vulnerabilities

 

Question 20

What is generally not tracked in a change management database?

[removed]

 

Operating system type

[removed]

 

Cost of software

[removed]

 

Hardware configuration

[removed]

 

Access permissions

 

Question 21

What is an example of multifactor authentication?

[removed]

 

A fingerprint reader

[removed]

 

A smart card with a PIN

[removed]

 

A password

[removed]

 

An acceptable use policy

 

 

Question 22

Of the four elements of an audit finding, which one identifies the expected or desired state, which provides context for evaluating the evidence collected by the auditor and the subsequent procedures the auditor performs?

[removed]

 

Criteria

[removed]

 

Circumstance

[removed]

 

Cause

[removed]

 

Impact

 

Question 23

For security controls, gap analysis involves comparing the present state of controls with a desired state of controls.  At a minimum, common baseline security controls should be in place. Any gaps to various types of controls should be clearly documented, for example - "Business continuity management", which:

[removed]

 

Defines the program to provide initial and ongoing security education across the organization.

[removed]

 

Defines how staff will execute upon the policies, assign responsibilities, and promote accountability.

[removed]

 

Prevents errors and unauthorized misuse of applications.

[removed]

 

Provides methods to continue critical operations in spite of business interruptions.

 

Question 24

Which element does not constitute an audit finding?

[removed]

 

Criteria

[removed]

 

Circumstance

[removed]

 

Summary

[removed]

 

Impact

 

Question 25

During an IT audit of a social networking site, the auditor finds that users do not have the option to opt out of a new program to share portions of users’ profiles automatically. Which privacy principle is most affected?

[removed]

 

Choice and consent

[removed]

 

Notice

[removed]

 

Monitoring and enforcement

[removed]

 

Quality

 

 

    • 10 years ago
    • 12
    Answer(1)

    Purchase the answer to view it

    blurred-text
    NOT RATED
    • attachment
      part_1.docx
    • attachment
      entire.docx