A recent audit identified high-risk issues in a business unit though a previous control self-assessment (CSA) had good results. Which of the following is the MOST likely reason for the difference?

• A.The CSA was compliance-based, while the audit was risk-based.
• B.The CSA was not sample-based.
• C.The CSA did not test control effectiveness.
• D.The audit had a broader scope than the CSA.

Comment: *

Name: *

Email: *

Verification: *

In which of the following conditions business units tend to point the finger at IT when projects are not delivered on time?

• A.Threat identification in project
• B.System failure
• C.Misalignment between real risk appetite and translation into policies
• D.Existence of a blame culture

Comment: *

Name: *

Email: *

Verification: *

The FIRST step for a startup company when developing a disaster recovery plan should be to identify:

• A.current vulnerabilities
• B.a suitable alternate site
• C.recovery time objectives
• D.critical business processes

Comment: *

Name: *

Email: *

Verification: *

Which of the following roles is BEST suited to help a risk practitioner understand the impact of IT-related events on business objectives?

• A.Internal audit
• B.Senior management
• C.IT management
• D.Process owners

Comment: *

Name: *

Email: *

Verification: *

Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

• A.Someone sees company's secret formula
• B.Someone makes unauthorized changes to a Web site
• C.An e-mail message is modified in transit
• D.A virus infects a file

Correct Answer: B,C,D

Explanation/Reference:
Explanation:
Loss of integrity refers to the following types of losses:
An e-mail message is modified in transit A virus infects a file

Someone makes unauthorized changes to a Web site

Incorrect Answers:
A: Someone sees company's secret formula or password comes under loss of confidentiality.

Comment: *

Name: *

Email: *

Verification: *