An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. On some processors the result saturates: once the maximum value is reached, attempts to make it larger simply return the maximum result.
Question 867
A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:
Correct Answer: C
Explanation: A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data.
Incorrect answers:
A. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data.
B. A parity check is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission.
D. Check digits detect transposition and transcription errors.
Question 868
Which of the following is an example of audit risk?
Correct Answer: A
Question 869
Demonstrated support from which of the following roles in an organization has the MOST influence over information security governance?
Correct Answer: C
Information security governance is the subset of enterprise governance that provides strategic direction, ensures that objectives are achieved, manages risk appropriately, uses organizational resources responsibly, and monitors the success or failure of the enterprise security program. Information security governance is essential for ensuring that an organization's information assets are protected from internal and external threats, and that the organization complies with relevant laws and standards.

Demonstrated support from which of the following roles in an organization has the most influence over information security governance? The answer is C, the board of directors. The board of directors is the highest governing body of an organization, responsible for overseeing its strategic direction, performance, and accountability. The board of directors sets the tone at the top for information security governance by:
* Establishing a clear vision, mission, and values for information security
* Approving and reviewing information security policies and standards
* Allocating sufficient resources and budget for information security
* Appointing and empowering a chief information security officer (CISO) or equivalent role
* Holding management accountable for information security performance and compliance
* Communicating and promoting information security awareness and culture

The board of directors has the most influence over information security governance because it has the ultimate authority and responsibility for ensuring that information security is aligned with the organization's business objectives, risks, and stakeholder expectations.

References:
* 10: What is Information Security Governance? - RiskOptics - Reciprocity
* 11: Information Security Governance and Risk Management | Moss Adams
* 12: ISO/IEC 27014:2020 - Information security, cybersecurity and privacy ...
Question 870
Which of the following would BEST determine whether a post-implementation review (PIR) performed by the project management office (PMO) was effective?
Correct Answer: D
The best indicator of whether a PIR performed by the PMO was effective is whether project outcomes have been realized. Project outcomes are the benefits or value that a project delivers to its stakeholders, such as improved efficiency, quality, customer satisfaction, or revenue. A PIR should evaluate whether project outcomes have been achieved in accordance with project objectives, scope, budget, and schedule.

The other options are not as good as project outcomes in determining the effectiveness of a PIR. Lessons learned are valuable inputs for improving future projects, but they do not measure whether project outcomes have been realized. Management approval of the PIR report is a sign of acceptance and support for the PIR findings and recommendations, but it does not reflect whether project outcomes have been achieved. The review performed by an external provider is a way of ensuring objectivity and independence for the PIR, but it does not guarantee whether project outcomes have been realized.

References: CISA Review Manual (Digital Version), Chapter 3, Section 3.3