An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review?
A. Controls are implemented based on cost-benefit analysis.
B. The risk management framework is based on global standards.
C. The approval process for risk response is in place.
D. IT risk is presented in business terms.
- 1 Answers
- 6415 Views
- I also Faced
- E-Mail Answers
The correct answer is D.
A. Controls to mitigate risk must be implemented based on cost-benefit analysis; however, the cost-benefit analysis is effective only if risk is presented in business terms.
B. A risk management framework based on global standards helps in ensuring completeness; however, organizations must adapt it to suit specific business requirements.
C. Approvals for risk response come later in the process.
D. In order for risk management to be effective, it is necessary to align IT risk with business objectives. This can be done by adopting acceptable terminology that is understood by all, and the best way to achieve this is to present IT risk in business terms.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following procedures can a biometric system perform? A. Measure airborne contamination. B. Provide security over physical access. C. Monitor temperature and humidity levels. D. Detect hazardous electromagnetic fields in an area.
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
Good quality software is BEST achieved: A. through thorough testing. B. by finding and quickly correcting programming errors. C. determining the amount of testing by the available time and budget. D. by applying well-defined processes and structured reviews throughout the project.
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
In planning an audit, the MOST critical step is the identification of the:
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
Which of the following network topologies yields the GREATEST redundancy in the event of the failure of one node? A. Mesh B. Star C. Ring D. Bus
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
The MOST likely explanation for the use of applets in an Internet application is that: A. it is sent over the network from the server. B. the server does not run the program and the output is not sent over the network. C. they improve the performance of both the web server and network. D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine.
Cisco Certifications 
