Interested to Buy Any Domain ? << Click Here >> for more details...
A primary function of risk management is the identification
of cost-effective controls. In selecting appropriate
controls, which of the following methods is best to study
the effectiveness of adding various safeguards in reducing
vulnerabilities?
A. "What if" analysis
B. Traditional cost/benefit analysis
C. Screening analysis
D. A "back-of-the-envelope" analysis
- 1 Answers
- 4468 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Choice (A) is the correct answer. With the "what if"
analysis method, the effect of adding various safeguards
(and therefore reducing vulnerabilities) is tested to see
what difference each makes. Trade-offs can then be made
based on the cost of the safeguard and its benefit in terms
of reduced risk. Choice (B) is incorrect. In traditional
cost/benefit analysis, the cost is based on the purchase and
operating costs of safeguards. The benefit is calculated
based on an expected decrease in future losses. Choice (C)
is incorrect. Screening analysis can be used to concentrate
on the highest-risk areas. One method is to examine risks
with very severe consequences, such as a high dollar loss or
loss of life. Choice (D) is incorrect. With "back-of-the
envelope" analysis, a high-medium-low ranking can often
provide all the information needed. However, especially for
the selection of expensive safeguards or the analysis of
systems with unknown consequences, more in-depth analysis
may be warranted.
| Is This Answer Correct ? | 3 Yes | 0 No |
Large-scale systems development efforts: A. are not affected by the use of prototyping tools. B. can be carried out independent of other organizational practices. C. require that business requirements be defined before the project begins. D. require that project phases and deliverables be defined during the duration of the project.
Which of the following fire suppressant systems would an IS auditor expect to find when conducting an audit of an unmanned computer center? A. Carbon dioxide B. Halon C. Dry-pipe sprinkler D. Wet-pipe sprinkler
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.
Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.
A decrease in amplitude as a signal propagates along a transmission medium is known as: A. noise. B. crosstalk. C. attenuation. D. delay distortion.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced? A. Verifying production to customer orders B. Logging all customer orders in the ERP system C. Using hash totals in the order transmitting process D. Approving (production supervisor) orders prior to production
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
The technique used to ensure security in virtual private networks (VPNs) is: A. encapsulation. B. wrapping. C. transform. D. encryption.
An IS auditor, performing a review of an application?s controls, discovers a weakness in system software, which could materially impact the application. The IS auditor should: A. Disregard these control weaknesses as a system software review is beyond the scope of this review. B. Conduct a detailed system software review and report the control weaknesses. C. Include in the report a statement that the audit was limited to a review of the application?s controls. D. Review the system software controls as relevant and recommend a detailed system software review.
Cisco Certifications 
