CISA Certified Information Systems Auditor – Question2688

An organization is running servers with critical business applications that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization’s management to monitor the ongoing adequacy of the uninterrupted power supply (UPS)?

A. Duration and interval of the power outages
B. Business impact of server downtime
C. Number of servers supported by the UPS
D. Mean time to recover servers after failure

Correct Answer: B

CISA Certified Information Systems Auditor – Question2687

Which of the following is the MOST important consideration when deploying closed-circuit television (CCTV) systems that use wireless communication links to transmit images between cameras and a receiver?

A. Encryption of transmissions
B. Monitoring by security guards
C. Retention period of recordings
D. Strategic placement of cameras

Correct Answer: B

CISA Certified Information Systems Auditor – Question2686

Which of the following is the BEST detective control for a job scheduling process involving data transmission?

A. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.
B. Job failure alerts are automatically generated and routed to support personnel.
C. Jobs are scheduled and a log of this activity is retained for subsequent review.
D. Jobs are scheduled to be completed daily and data is transmitted using a secure File Transfer Protocol (FTP).

Correct Answer: B

CISA Certified Information Systems Auditor – Question2684

Which of the following metrics would BEST measure the agility of an organization’s IT function?

A. Average time to turn strategic IT objectives into an agreed upon and approved initiative
B. Average number of learning and training hours per IT staff member
C. Frequency of security assessments against the most recent standards and guidelines
D. Percentage of staff with sufficient IT-related skills for the competency required of their roles.

Correct Answer: A

CISA Certified Information Systems Auditor – Question2683

An organization globally distributes a free phone application that includes a module to gather and report user information. The application includes a privacy notice alerting users to the data gathering. Which of the following presents the GREATEST risk?

A. The data gathering notice is available in only one language.
B. There is no framework to delete personal data.
C. There may be a backlash among users when the data gathering is revealed.
D. The data is not properly encrypted on the application server.

Correct Answer: D

CISA Certified Information Systems Auditor – Question2680

Which of the following controls would BEST ensure that payroll system rate changes are valid?

A. Only a payroll department manager can input the new rate.
B. Rate changes require visual verification before acceptance.
C. Rate changes must be entered twice to ensure that they are entered correctly.
D. Rate changes are reported to and independently verified by a manager.

Correct Answer: D

CISA Certified Information Systems Auditor – Question2679

Which of the following is the MOST effective control for emergency changes to application programs?

A. Processing the change through change control with review of the change the following day
B. Keeping a sealed envelope containing a password that operators can use to make emergency changes
C. Periodically checking the application program libraries to detect whether unauthorized changes have been made
D. Preparing and approving program change forms before the changes are made

Correct Answer: A