Exam (elaborations), questions & answers, 17 pages, 2023/2024, published September 3, 2024. Preview: 3 out of 17 pages.

CISA Domain 2 - Governance and Management of IT: Questions and Answers

A comprehensive and effective email policy should address the issues of
email structure, policy enforcement, monitoring and:

a. recovery
b. retention
c. rebuilding
d. reuse
- -B - besides being a good practice, laws and regulations may require an
organization to keep information that has an impact on the financial
statements. The prevalence of lawsuits in which email communication is
held in the same regard as official paper records makes a retention
policy for corporate email a necessity.

- A critical business function is...

a. a function that relies on one or more other functions
b. a function that has the lowest ALE
c. a function that costs the most money
d. a function that many other functions rely on, and whose timely
resumption the BCP ensures
- -D.

- A policy references a supporting document that identifies the steps
required to approve access to data. This supporting document is a...

a. report
b. procedure
c. guideline
d. brochure
- -b. Procedures describe how something will be approved.

- A service level agreement defines the relationship between which two
parties?

a. consultant and vendor
b. employee and consultant
c. employer and employee
d. organization and vendor
- -d. An SLA defines the relationship between the organization and the
vendor.

- A systems administrator suggests to their manager that they use a
subscription hot site in case of a disaster. Their manager informs them
that they cannot afford the expense of a subscription hot site. What should
they choose?

a. cold site
b. boiling site
c. off site
d. backup site
- -a. cold site

- A team conducting a risk analysis is having difficulty projecting the
financial losses that could result from a risk. To evaluate the potential
impact, the team should:

A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define the loss amount exactly.
- -C - the common practice when it is difficult to calculate the financial
losses is to take a qualitative approach, in which the manager affected by
the risk defines the impact in terms of a weighted factor (e.g., 1 is a very
low impact on the business and 5 is a very high impact).

- After a control is put in place to mitigate a risk, the resulting risk is
called ____

a. control gap
b. exposure factor
c. residual risk
d. mitigated risk
- -c. residual risk - the risk that is left over after the control

- ALE (annual loss expectancy) is 15k and ARO (annualized rate of
occurrence) is 5. What is the single loss expectancy (SLE)?

a. 3k
b. 75k
c. 5k
d. 20k
- -a. 3k (SLE = ALE / ARO = 15k / 5)

- An auditor has established the risk and cost of an organizational loss.
After reviewing the report, management decides to respond by purchasing
insurance. This is an example of:

a. avoidance
b. mitigation
c. transference
d. acceptance
- -C.

- An auditor wants to see how an organization's risk management
program changes over time. What is the best approach to achieve this?

a. establish baselines
b. define and collect carefully chosen metrics
c. use risk management tools such as ArcSight
d. follow an established risk management framework
- -B. Metrics can be tracked on a dashboard.

- An internal auditor is assisting the IT team in prioritizing their projects
for the next year. The auditor interviews users, administrators, and
managers in the IT department and records their recommendations based
upon their perceptions of risk. This is an example of what kind of approach
to risk analysis?

a. qualitative
b. value based
c. accumulative
d. quantitative
- -a. Qualitative is more "touchy-feely" ("on a scale of 1-10, which is
more risky?"). Key words: perception of risk!

- An IT steering committee should:

a. include a mix of members from different departments and staff levels
b. ensure that IS security policies and procedures have been executed
properly
c. maintain minutes of its meetings and keep the board of directors
informed
d. be briefed about new trends and products at each meeting by a vendor
- -C - it is important to keep detailed IT steering committee minutes to
document the decisions and activities of the IT steering committee. The
board of directors should be informed about those decisions on a timely
basis.

- An organization decides to discontinue the use of a software product
that has known security vulnerabilities. This is an example of...

a. risk mitigation
b. risk avoidance
c. risk assessment
d. threat reduction
- -b. This is risk avoidance.

- An organization determines that they are running a vulnerable web
server. Instead of patching the server they decide to put the service
behind an application firewall.

Seller: gladyswaithira