Which is not a purpose of risk analysis?

• A.Support risk-based audit decisions.
• B.Assist the auditor in determining audit objectives.
• C.Assist the auditor in identifying risks and threats.
• D.Ensure absolute safety during the audit.

Comment: *

Name: *

Email: *

Verification: *

Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at rest?

• A.Use of asymmetric encryption
• B.Random key generation
• C.Short key length
• D.Use of symmetric encrypt

Comment: *

Name: *

Email: *

Verification: *

Which of the following ensures confidentiality of information sent over the internet?

• A.Digital signature
• B.Digital certificate
• C.Online Certificate Status Protocol
• D.Private key cryptosystem

Comment: *

Name: *

Email: *

Verification: *

Following an IS audit, which of the following types of risk would be MOST critical to communicate to key stakeholders?

• A.Inherent
• B.Audit
• C.Residual
• D.Control

Comment: *

Name: *

Email: *

Verification: *

In determining the acceptable time period for the resumption of critical business processes:

• A.only downtime costs need to be considered.
• B.recovery operations should be analyzed.
• C.both downtime costs and recovery costs need to be evaluated.
• D.indirect downtime costs should be ignored.

Comment: *

Name: *

Email: *

Verification: *