After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?

• A.Project management and progress reporting is combined in a project management office which is driven by external consultants.
• B.The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach.
• C.The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems.
• D.The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs.

Comment: *

Name: *

Email: *

Verification: *

An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?

• A.Design mitigating controls for the exceptions.
• B.Prioritize the risk and implement treatment options.
• C.Inform respective risk owners of the impact of exceptions.
• D.Report the noncompliance to the board of directors.

Comment: *

Name: *

Email: *

Verification: *

.Which of the following is the most fundamental step in preventing virus attacks?

• A.Adopting and communicating a comprehensive antivirus policy
• B.Implementing antivirus protection software on users' desktop computers
• C.Implementing antivirus content checking at all network-to-Internet gateways
• D.Inoculating systems with antivirus code

Comment: *

Name: *

Email: *

Verification: *

Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?

• A.Yes, because an IS auditor will evaluate the adequacy of the service bureau's plan and assist their company in implementing a complementary plan.
• B.Yes, because based on the plan, an IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract.
• C.No, because the backup to be provided should be specified adequately in the contract.
• D.No, because the service bureau's business continuity plan is proprietary information.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY objective of parallel testing an application is to confirm that:

• A.the results of calculations in the new system are as accurate as the old system.
• B.system response times in the new system are better than the old system.
• C.the costs of running the new system are the same as running the old system.
• D.new system processing times are similar to those of the old system.

Comment: *

Name: *

Email: *

Verification: *