With reference to the risk management process, which of the
following statements is correct?
A. Vulnerabilities can be exploited by a threat.
B. Vulnerabilities are events with the potential to cause
harm to IS resources.
C. Vulnerability exists because of threats associated with
use of information resources.
D. Lack of user knowledge is an example of a threat.
- 1 Answers
- 4721 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Vulnerabilities are characteristics of IS resources that can
be exploited with some harm resulting. Threats not
vulnerabilities are events with the potential to cause harm.
A threat occurs because of a vulnerability associated with
the use of information resources. Lack of user knowledge is
an example of a vulnerability.
| Is This Answer Correct ? | 2 Yes | 0 No |
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
IT governance ensures that an organization aligns its IT strategy with: A. Enterprise objectives. B. IT objectives. C. Audit objectives. D. Finance objectives.
Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates
Which of the following should be included in an organization's IS security policy? A. A list of key IT resources to be secured B. The basis for access authorization C. Identity of sensitive security features D. Relevant software security features
Functionality is a characteristic associated with evaluating the quality of software products throughout their lifecycle, and is BEST described as the set of attributes that bear on the: A. existence of a set of functions and their specified properties. B. ability of the software to be transferred from one environment to another. C. capability of software to maintain its level of performance under stated conditions. D. relationship between the performance of the software and the amount of resources used.
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
An IS auditor, performing a review of an application?s controls, discovers a weakness in system software, which could materially impact the application. The IS auditor should: A. Disregard these control weaknesses as a system software review is beyond the scope of this review. B. Conduct a detailed system software review and report the control weaknesses. C. Include in the report a statement that the audit was limited to a review of the application?s controls. D. Review the system software controls as relevant and recommend a detailed system software review.
During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use: A. test data to validate data input. B. test data to determine system sort capabilities. C. generalized audit software to search for address field duplications. D. generalized audit software to search for account field duplications.
52. Which of the following tests confirm that the new system can operate in its target environment?
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A. Built-in alternative routing B. Full system backup taken daily C. A repair contract with a service provider D. A duplicate machine alongside each server
If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack? A. Router configuration and rules B. Design of the internal network C. Updates to the router system software D. Audit testing and review techniques
Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer
Cisco Certifications 
