An enterprise has learned of a new regulation that may impact delivery of one of its core technology services Which of the following should the done FIRST?

• A.Update the risk management framework
• B.Determine whether the board wants to comply with the regulation
• C.Assess the risk associated with the new regulation
• D.Request an action plan from the risk team

Comment: *

Name: *

Email: *

Verification: *

Which of the following outsourcing defines the performance objectives reached by negotiation between the user and the provider of a service, or between an outsourcer and an organization?

• A.Outsource
• B.Proposal
• C.Contract
• D.Service level Agreement (SLA)

Comment: *

Name: *

Email: *

Verification: *

An analysis of an organization s security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:

• A.the qualifications of developers to write secure code.
• B.compliance with the user testing process.
• C.the change management control framework.
• D.the incident response plan.

Comment: *

Name: *

Email: *

Verification: *

An enterprise's internal audit group has scheduled a control review of a payroll system project but has been told to wait until the system is implemented. Which of the following is the GREATEST risk associated with the delay?

• A.Continued dependency on compliant legacy systems
• B.Increased cost to mitigate deficiencies
• C.Lack of adherence to industry best practices
• D.delay in the development of new key performance indicators (KPIs)

Comment: *

Name: *

Email: *

Verification: *

Which types of project tends to have more well-understood risks?

• A.Operational work projects
• B.Recurrent projects
• C.State-of-art technology projects
• D.First-of-its kind technology projects

Comment: *

Name: *

Email: *

Verification: *