An organization is planning to outsource its payroll function to an external service provider Which of the following should be the MOST important consideration when selecting the provider?

• A.Transparency of key performance indicators (KPIs)
• B.Disaster recovery plan (DRP) of the system
• C.Internal controls to ensure data privacy
• D.Right to audit the provider

Comment: *

Name: *

Email: *

Verification: *

John works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

• A.Activity duration estimates
• B.Activity cost estimates
• C.Risk management plan
• D.Schedule management plan
• E.Explanation:
  The activity duration estimates review is valuable in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

• A.Detective
• B.Corrective
• C.Preventative
• D.Recovery
• E.Explanation:
  An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPS for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. As IDS detects and gives warning when the violation of security policies of the enterprise occurs, it is a detective control.
• F.is incorrect. As IDS only detects the problem when it occurs and not prior of its occurrence, it is not preventive control. Answer: B is incorrect. These controls make effort to reduce the impact of a threat from problems discovered by detective controls.
  As IDS only detects but nt reduce the impact, hence it is not a corrective control.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST useful for measuring the existing risk management process against a desired state?

• A.Balanced scorecard
• B.Capability maturity model
• C.Risk management framework
• D.Risk scenario analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?

• A.Entitlement reviews
• B.Security log monitoring
• C.Role-based access controls
• D.User provisioning

Comment: *

Name: *

Email: *

Verification: *