Interested to Buy Any Domain ? << Click Here >> for more details...
With reference to the risk management process, which of the
following statements is correct?
A. Vulnerabilities can be exploited by a threat.
B. Vulnerabilities are events with the potential to cause
harm to IS resources.
C. Vulnerability exists because of threats associated with
use of information resources.
D. Lack of user knowledge is an example of a threat.
- 1 Answers
- 5431 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Vulnerabilities are characteristics of IS resources that can
be exploited with some harm resulting. Threats not
vulnerabilities are events with the potential to cause harm.
A threat occurs because of a vulnerability associated with
the use of information resources. Lack of user knowledge is
an example of a vulnerability.
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following is the basic objective of a control self-assessment program?
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
An organization is moving its application maintenance in-house from an outside source. Which of the following should be the main concern of an IS auditor? A. Regression testing B. Job scheduling C. User manuals D. Change control procedures
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies
A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
Cisco Certifications 
