What is generally not tracked in a change management database

Reference no: EM131271985

Question 1
Of the following frameworks available from ISACA, which one governs IT investments?
Val IT
Risk IT
IT Assurance Framework

Question 2
Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs. Which one of the following is a tradeoff?
Operational impact
Security impact
User impact
Policy impact

Question 3
Applying controls to a system helps eliminate or reduce the risks. In many cases, the goal is not to eliminate the risk but to reduce the risk to an acceptable level. Why? Applying controls is a direct result of the risk assessment process combined with an analysis of ___________.
the benefits
the tradeoffs

Question 4
The governing process for managing risks and opportunities is the definition of:
NIST Internal Reports (NISTIR)
Consensus Audit Guidelines (CAG)
Generally Accepted Privacy Principles (GAPP)
Enterprise risk management (ERM)

Question 5
Analyzing potential threats requires the identification of all possible threats first. This is called __________.
threat identification
policy identification
risk identification
risk analysis

Question 6
During an IT audit, which of the following administrative safeguards needs to be tested and validated?
Assignment of responsibilities
Maintenance procedures
Rotation of duties
All of the above

Question 7
When performing a security assessment, using a framework such as NIST 800-15, which is generally the first step?
Target identification
Document review
Target analysis
Exploit and validate vulnerabilities

Question 8
What is generally not tracked in a change management database?
Operating system type
Cost of software
Hardware configuration
Access permissions

Question 9
What is an example of multifactor authentication?
A fingerprint reader
A smart card with a PIN
A password
An acceptable use policy

Question 10
Of the four elements of an audit finding, which one identifies the expected or desired state, which provides context for evaluating the evidence collected by the auditor and the subsequent procedures the auditor performs?

Question 11
For security controls, gap analysis involves comparing the present state of controls with a desired state of controls. At a minimum, common baseline security controls should be in place. Any gaps in the various types of controls should be clearly documented, for example "Business continuity management", which:
Defines the program to provide initial and ongoing security education across the organization.
Defines how staff will execute upon the policies, assign responsibilities, and promote accountability.
Prevents errors and unauthorized misuse of applications.
Provides methods to continue critical operations in spite of business interruptions.

Question 12
Which element does not constitute an audit finding?

Question 13
During an IT audit of a social networking site, the auditor finds that users do not have the option to opt out of a new program to share portions of users' profiles automatically. Which privacy principle is most affected?
Choice and consent
Monitoring and enforcement
