Which of the following should be the PRIMARY focus of an IT risk awareness program?

• A.Cultivate long-term behavioral change
• B.Demonstrate regulatory compliance
• C.Ensure compliance with the organization's internal policies
• D.Communicate IT risk policy to the participants

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to manage the risk associated with malicious activities performed by database administrators (DBAs)?

• A.Activity logging and monitoring
• B.Periodic access review
• C.Awareness training and background checks
• D.Two-factor authentication

Comment: *

Name: *

Email: *

Verification: *

An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?

• A.A cost-benefit analysis
• B.The risk management framework
• C.A roadmap of IT strategic planning
• D.The balanced scorecard

Comment: *

Name: *

Email: *

Verification: *

To which level the risk should be reduced to accomplish the objective of risk management?

• A.To a level where ALE is lower than SLE
• B.To a level where ARO equals SLE
• C.To a level that an organization can accept
• D.To a level that an organization can mitigate

Comment: *

Name: *

Email: *

Verification: *

The annualized loss expectancy (ALE) method of risk analysis:

• A.uses qualitative risk rankings such as low. medium and high.
• B.helps in calculating the expected cost of controls
• C.can be used m a cost-benefit analysts
• D.can be used to determine the indirect business impact.

Comment: *

Name: *

Email: *

Verification: *