COBIT defines stakeholder value creation as which of the following?
COBIT defines stakeholder value creation as which of the following? A. Realization of benefits at a controlled resource cost while controlling risk B. Realization of benefits at an optimal resource cost while optimizing risk C. Realization of benefits at a reduced resource cost while mitigating risk
Who is responsible for the oversight of structures and mechanisms that drive enterprise governance of informat
Who is responsible for the oversight of structures and mechanisms that drive enterprise governance of information and technology (EGIT)? A. Individual business units B. External regulators C. The board Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-4/exploring-how-corporate-governance-codes-address-it-governance
When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical i
When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step? A. Determine the impact on the controls that were selected by the organization to respond to identified risks. B. Determine the impact on confidentiality, integrity and availability of the information system. C. Determine the impact […]
Which of the following approaches encompasses social engineering of staff, bypassing of physical access contro
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing? A. Blue team B. White box C. Gray box D. Red team Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach
An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month.
An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden? A. CSP can share all security reports with customers to streamline the process. B. CSP can schedule a call with each customer. C. CSP can […]
Policies and procedures shall be established, and supporting business processes and technical measures impleme
Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description? A. Operations Maintenance B. System Development Maintenance C. Equipment Maintenance D. System Maintenance Reference: https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf (2)
The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:
The PRIMARY objective of an audit initiation meeting with a cloud audit client is to: A. select the methodology of an audit. B. review requested evidence provided by the audit client. C. discuss the scope of the cloud audit. D. identify resource requirements of the cloud audit.
When a client’s business process changes, the CSP SLA should:
When a client’s business process changes, the CSP SLA should: A. be reviewed, but the SLA cannot be updated. B. not be reviewed, but the cloud contract should be cancelled immediately. C. not be reviewed as the SLA cannot be updated. D. be reviewed and updated if required. Reference: http://www.diva-portal.org/smash/get/diva2:1312384/FULLTEXT01.pdf
SAST testing is performed by:
SAST testing is performed by: A. scanning the application source code. B. scanning the application interface. C. scanning all infrastructure components. D. performing manual actions to gain control of the application. Explanation: SAST analyzes application code offline. SAST is generally a rules-based test that will scan software code for items such as credentials embedded into […]
Organizations maintain mappings between the different control frameworks they adopt to:
Organizations maintain mappings between the different control frameworks they adopt to: A. help identify controls with common assessment status. B. avoid duplication of work when assessing compliance. C. help identify controls with different assessment status. D. start a compliance assessment using latest assessment. Reference: https://www.isaca.org/resources/news-and-trends/industry-news/2019/employing-cobit-2019-for-enterprise-governance-strategy