The PRIMARY purpose of IT control status reporting is to:

• A.facilitate the comparison of the current and desired states.
• B.assist internal audit in evaluating and initiating remediation efforts.
• C.benchmark IT controls with Industry standards.
• D.ensure compliance with IT governance strategy.

Comment: *

Name: *

Email: *

Verification: *

An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:

• A.transfer
• B.acceptance
• C.mitigation
• D.avoidance

Comment: *

Name: *

Email: *

Verification: *

An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan.
Which of the following is the risk practitioner's BEST course of action?

• A.Update the risk register with the implemented risk mitigation actions.
• B.Revert the implemented mitigation measures until approval is obtained
• C.Validate the adequacy of the implemented risk mitigation measures.
• D.Report the observation to the chief risk officer (CRO).

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST concern associated with redundant data in an organization's inventory system?

• A.Data inconsistency
• B.Unnecessary data storage usage
• C.Poor access control
• D.Unnecessary costs of program changes

Comment: *

Name: *

Email: *

Verification: *

Which of the following test is BEST to map for confirming the effectiveness of the system access management process?

• A.user accounts to human resources (HR) records.
• B.user accounts to access requests.
• C.the vendor database to user accounts.
• D.access requests to user accounts.

Comment: *

Name: *

Email: *

Verification: *