The PRIMARY purpose of IT control status reporting is to:

• A.facilitate the comparison of the current and desired states.
• B.ensure compliance with IT governance strategy.
• C.benchmark IT controls with Industry standards.
• D.assist internal audit in evaluating and initiating remediation efforts.

Comment: *

Name: *

Email: *

Verification: *

Which of the following characteristics of risk controls answers the aspect about the control given below: "Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"

• A.Reliability
• B.Sustainability
• C.Consistency
• D.Distinct
• E.Explanation:
  Sustainability ensures that the control continues to function as expressed over the time and adopts as changes or new elements are introduced to the environment.

Comment: *

Name: *

Email: *

Verification: *

An organization moved its payroll system to a Software as a Service (SaaS) application. A new data privacy regulation stipulates that data can only be processed within the country where it is collected. Which of the following should be done FIRST when addressing this situation?

• A.Analyze data protection methods.
• B.Understand data flows.
• C.Include a right-to-audit clause.
• D.Implement strong access controls.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to quantify the likelihood of risk materialization?

• A.Compliance assessments
• B.Balanced scorecard
• C.Business impact analysis (BIA)
• D.Threat and vulnerability assessment

Comment: *

Name: *

Email: *

Verification: *

You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?

• A.Monitoring and recording unsuccessful logon attempts
• B.Forcing periodic password changes
• C.Using a challenge response system
• D.Providing access on a need-to-know basis
• E.Explanation:
  Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.

Comment: *

Name: *

Email: *

Verification: *