During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?
A. Authentication
B. Identification
C. Data validation
D. Data integrity
When developing a business continuity plan (BCP), it is MOST important to:
A. develop a multi-channel communication plan
B. prioritize critical services to be restored
C. identify a geographically dispersed disaster recovery site
D. identify an alternative location to host operations
Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?
A. Sammy is correct, because she is the project manager.
B. Sammy is correct, because organizations can create risk scores for each objective of the project.
C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
D. Harry is correct, because the risk probability and impact considers all objectives of the project.
Correct Answer: B
Explanation: Sammy certainly can create an assessment of a risk event for time, cost, and scope. It is probable that a risk event may have an effect on just one or more objectives, so an assessment of the objective is acceptable.
Incorrect Answers:
A: Being the project manager does not by itself make Sammy right.
C: Harry is incorrect, as there are multiple approaches to risk assessment for a project.
D: Harry’s reasoning is flawed, as each objective can be reviewed for the risk’s impact rather than the total project.
Which of the following methods involves the use of predictive or diagnostic analytical tools for exposing risk factors?
A. Scenario analysis
B. Sensitivity analysis
C. Fault tree analysis
D. Cause and effect analysis
Correct Answer: D
Explanation: Cause-and-effect analysis involves the use of predictive or diagnostic analytical tools for exploring the root causes or factors that contribute to positive or negative effects or outcomes. These tools also help in identifying potential risk.
Incorrect Answers:
A: This analysis is not a method for exposing risk factors. It is used for analyzing scenarios.
B: Sensitivity analysis is the quantitative risk analysis technique that:
Assists in the determination of risk factors that have the most potential impact
Examines the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline values
C: Fault tree analysis (FTA) is a technique that provides a systematic description of the combination of possible occurrences in a system, which can result in an undesirable outcome. It combines hardware failures and human failures.
In which of the following conditions do business units tend to point the finger at IT when projects are not delivered on time?
A. Threat identification in project
B. System failure
C. Misalignment between real risk appetite and translation into policies
D. Existence of a blame culture
Correct Answer: D
Explanation:
In a blame culture, business units tend to point the finger at IT when projects are not delivered on time or do not meet expectations. In doing so, they fail to realize how the business unit’s involvement up front affects project success. In extreme cases, the business unit may assign blame for a failure to meet the expectations that the unit never clearly communicated.
Incorrect Answers:
A, B, C: These are not relevant to business units pointing the finger at IT when projects are not delivered on time.
Which of the following serves as the authorization for a project to begin?
A. Approval of project management plan
B. Approval of a risk response document
C. Approval of risk management document
D. Approval of a project request document
Correct Answer: D
Explanation: Approval of a project initiation document (PID) or a project request document (PRD) is the authorization for a project to begin.
Incorrect Answers:
A: The project management plan is made after the project is authorized.
B: The risk response document comes under the risk management process, and hence belongs to a later phase in the project development process.
C: The risk management document is prepared later, after project initiation, during the risk management plan. It has no scope during project initiation.
Which of the following business requirements MOST relates to the need for resilient business and information systems processes?
A. Confidentiality
B. Effectiveness
C. Integrity
D. Availability
Correct Answer: D
Explanation:
Availability relates to information being available when required by the business process, now as well as in the future. Resilience is the ability to provide and maintain an acceptable level of service during disasters or when facing operational challenges. Hence they are most closely related.
Incorrect Answers:
A: Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. While the lack of system resilience can in some cases affect data integrity, resilience is more closely linked to the business information requirement of availability.
B: Confidentiality deals with the protection of sensitive information from unauthorized disclosure. While the lack of system resilience can in some cases affect data confidentiality, resilience is more closely linked to the business information requirement of availability.
C: Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner. While the lack of system resilience can in some cases affect effectiveness, resilience is more closely linked to the business information requirement of availability.
You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists that you add a change to the program scope. You agree to the change. What must Alice do to move forward with her change request?
A. Add the change to the program scope herself, as she is a project manager
B. Create a change request charter justifying the change request
C. Document the change request in a change request form.
D. Add the change request to the scope and complete integrated change control
Correct Answer: C
Explanation:
Change requests must be documented to be considered. Alice should create a change request form and follow the procedures of the change control system.
Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?
A. Return On Security Investment
B. Total Cost of Ownership
C. Return On Investment
D. Redundant Array of Inexpensive Disks
Correct Answer: C
Explanation:
Return On Investment (ROI) is a performance measure used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio.
The return on investment formula:
ROI = (Gain from investment – Cost of investment) / Cost of investment
In the above formula, “gain from investment” refers to the proceeds obtained from selling the investment of interest.
Incorrect Answers:
A, B: These options are not related to the measurement of efficiency of an investment.
D: RAID is described as a redundant array of inexpensive disks. It is a technology that allows computer users to achieve high levels of storage reliability from low-cost and less reliable PC-class disk-drive components, via the technique of arranging the devices into arrays for redundancy.
You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?
A. $ 2,160,000
B. $ 95,000
C. $ 108,000
D. $ 90,000
Correct Answer: C
Explanation:
The ALE of this project will be $ 108,000. Single Loss Expectancy (SLE) is a term related to Quantitative Risk Assessment. It can be defined as the monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as follows:
SLE = Asset value * Exposure factor
Therefore,
SLE = 200,000 * 0.45 = $ 90,000
As the loss occurs once every month, the ARO is 12. Now ALE can be calculated as follows:
ALE = SLE * ARO = 90,000 * 12 = $ 108,000