Which of the following events refer to loss of integrity? Each correct answer represents a complete solution. Choose three.
Correct Answer: B,C,D
Explanation/Reference: Loss of integrity refers to the following types of losses:
* An e-mail message is modified in transit.
* A virus infects a file.
* Someone makes unauthorized changes to a Web site.
Incorrect Answers:
A: Someone seeing the company's secret formula or password comes under loss of confidentiality.
Question 22
Which of the following would BEST mitigate an identified risk scenario?
Correct Answer: B
Question 23
What are the functions of the auditor while analyzing risk? Each correct answer represents a complete solution. Choose three.
Correct Answer: A,C,D
Section: Volume D
Explanation: A risk analysis involves identifying the most probable threats to an organization and analyzing the organization's related vulnerabilities to these threats. A risk from an organizational perspective consists of:
* Threats to various processes of the organization.
* Threats to physical and information assets.
* Likelihood and frequency of occurrence of the threat.
* Impact on assets from the threat and vulnerability.
Risk analysis allows the auditor to do the following tasks:
* Identify threats and vulnerabilities to the enterprise and its information system.
* Provide information for the evaluation of controls in audit planning.
* Aid in determining audit objectives.
* Support decisions based on risks.
Incorrect Answers:
B: Auditors identify threats and vulnerabilities not only in IT but in the whole enterprise as well.
Question 24
The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:
Correct Answer: B
Question 25
You are the project manager of the HFD project. You have identified several project risks. You have adopted alternatives to deal with these risks which do not attempt to reduce the probability of a risk event or its impacts. Which of the following responses have you implemented?
Correct Answer: D
Section: Volume D
Explanation: Contingent response strategy, also known as contingency planning, involves adopting alternatives to deal with the risks in case they occur. Unlike mitigation planning, which looks to reduce the probability of the risk and its impact, contingency planning doesn't necessarily attempt to reduce the probability of a risk event or its impacts. Contingency comes into action when the risk event actually occurs.
Incorrect Answers:
A: Risk acceptance means that no action is taken relative to a particular risk; the loss is accepted if it occurs. If an enterprise adopts risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management, in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active.
* Passive acceptance means that the enterprise has made no plan to avoid or mitigate the risk but is willing to accept the consequences of the risk.
* Active acceptance is the second strategy and might include developing contingency plans and reserves to deal with risks.
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. The main control types are:
* Managerial (e.g., policies)
* Technical (e.g., tools such as firewalls and intrusion detection systems)
* Operational (e.g., procedures, separation of duties)
* Preparedness activities
C: Risk avoidance means to evade the risk altogether, eliminate the cause of the risk event, or change the project plan to protect the project objectives from the risk event.