Interested to Buy Any Domain ? << Click Here >> for more details...
The MAJOR advantage of the risk assessment approach over the
baseline approach to information security management is that
it ensures:
A. information assets are over protected.
B. a basic level of protection is applied regardless of
asset value.
C. appropriate levels of protection are applied to
information assets.
D. an equal proportion of resources are devoted to
protecting all information assets.
- 1 Answers
- 7658 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Full risk assessment determines the level of protection most
appropriate to a given level of risk, while the baseline
approach merely applies a standard set of protection
regardless of risk. There is a cost advantage in not over
protecting information. However, an even bigger advantage is
making sure that no information assets are over or under
protected. The risk assessment approach will ensure an
appropriate level of protection is applied commensurate with
the level of risk and asset value, and therefore, considers
asset value. The baseline approach allows more resources to
be directed towards the assets at greater risk rather than
equally directing resources to all assets.
| Is This Answer Correct ? | 5 Yes | 0 No |
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
After a full operational contingency test, the IS auditor performs a review of the recovery steps and concludes that the elapsed time until the technological environment and systems were actually functioning, exceeded the required critical recovery time. Which of the following should the auditor recommend? A. Perform an integral review of the recovery tasks. B. Broaden the processing capacity to gain recovery time. C. Make improvements in the facility's circulation structure. D. Increase the amount of human resources involved in the recovery.
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
Which of the following is the MOST reliable sender authentication method? A. Digital signatures B. Asymmetric cryptography C. Digital certificates D. Message authentication code
In a LAN environment, which of the following minimizes the risk of data corruption during transmission? A. Using end-to-end encryption for data communication B. Using separate conduits for electrical and data cables C. Using check sums for checking the corruption of data D. Connecting the terminals using a star topology
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in.TCP services.
An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.
The technique used to ensure security in virtual private networks (VPNs) is: A. encapsulation. B. wrapping. C. transform. D. encryption.
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should: A. report the error as a finding and leave further exploration to the auditee's discretion. B. attempt to resolve the error. C. recommend that problem resolution be escalated. D. ignore the error, as it is not possible to get objective evidence for the software error.
An IS auditor, performing a review of an application?s controls, discovers a weakness in system software, which could materially impact the application. The IS auditor should: A. Disregard these control weaknesses as a system software review is beyond the scope of this review. B. Conduct a detailed system software review and report the control weaknesses. C. Include in the report a statement that the audit was limited to a review of the application?s controls. D. Review the system software controls as relevant and recommend a detailed system software review.
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Cisco Certifications 
