An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program. Which of the following is MOST useful for this purpose?

• A.Capability maturity level
• B.Balanced scorecard
• C.Control self-assessment (CSA)
• D.Internal audit plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following IS processes provide indirect information?
Each correct answer represents a complete solution. Choose three.

• A.Post-implementation reviews of program changes
• B.Security log monitoring
• C.Problem management
• D.Recovery testing

Comment: *

Name: *

Email: *

Verification: *

You are elected as the project manager of GHT project. You are in project initialization phase and are busy in defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?

• A.Technical requirement
• B.Project requirement
• C.Functional requirement
• D.Business requirement

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for discovering high-impact risk types?

• A.Qualitative risk analysis
• B.Delphi technique
• C.Failure modes and effects analysis
• D.Quantitative risk analysis

Correct Answer: C

Explanation/Reference:
Explanation:
Failure modes and effects analysis is used in discovering high-impact risk types.
FMEA:
Is one of the tools used within the Six Sigma methodology to design and implement a robust process

to:
- Identify failure modes
- Establish a risk priority so that corrective actions can be put in place to address and reduce the risk
- Helps in identifying and documenting where in the process the source of the failure impacts the (internal or external) customer
- Is used to determine failure modes and assess risk posed by the process and thus, to the enterprise as a whole' Incorrect Answers:
A, D: These two are the methods of analyzing risk, but not specifically for high-impact risk types. Hence is not the best answer.
B: Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a question: and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, addition, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous and therefore it helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching the consensus quickly.

Comment: *

Name: *

Email: *

Verification: *

Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

• A.Someone sees company's secret formula
• B.Someone makes unauthorized changes to a Web site
• C.An e-mail message is modified in transit
• D.A virus infects a file

Comment: *

Name: *

Email: *

Verification: *