One of an organization's key IT systems cannot be patched because the patches interfere with critical business application functionalities. Which of the following would be the risk practitioner's BEST recommendation?

• A.The associated IT risk should be accepted by management.
• B.The system should not be used until the application is changed
• C.The organization's IT risk appetite should be adjusted.
• D.Additional mitigating controls should be identified.

Comment: *

Name: *

Email: *

Verification: *

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

• A.Control self-assessment (CSA)
• B.Vulnerability and threat analysis
• C.User acceptance testing (UAT)
• D.Control remediation planning

Comment: *

Name: *

Email: *

Verification: *

An organization is concerned that its employees may be unintentionally disclosing data through the use of social media sites. Which of the following will MOST effectively mitigate tins risk?

• A.Establishing a data classification policy
• B.Requiring the use of virtual private networks (VPNs)
• C.Conducting user awareness training
• D.Requiring employee agreement of the acceptable use policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be PRIMARILY considered while designing information systems controls?

• A.The IT strategic plan
• B.The existing IT environment
• C.The organizational strategic plan
• D.The present IT budget
• E.Explanation:
  Review of the enterprise's strategic plan is the first step in designing effective IS controls that
  would fit the enterprise's long-term plans.
• F.is incorrect. Review of the existing IT environment is also useful and necessary but is
  not the first step that needs to be undertaken.
• G.is incorrect. The present IT budget is just one of the components of the strategic plan.

Comment: *

Name: *

Email: *

Verification: *

When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

• A.Risk management strategy planning
• B.Risk monitoring and control
• C.Risk response planning
• D.Risk identification

Comment: *

Name: *

Email: *

Verification: *