- (Exam Topic 3)
In which of the following system development life cycle (SDLC) phases should controls be incorporated into system specifications?
Correct Answer:
C
- (Exam Topic 3)
An organization automatically approves exceptions to security policies on a recurring basis. This practice is MOST likely the result of:
Correct Answer:
D
- (Exam Topic 3)
The PRIMARY objective of a risk identification process is to:
Correct Answer:
B
- (Exam Topic 2)
An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?
Correct Answer:
A
- (Exam Topic 3)
An organization's chief information officer (CIO) has proposed investing in a new. untested technology to take advantage of being first to market Senior management has concerns about the success of the project and has set a limit for expenditures before final approval. This conditional approval indicates the organization's risk:
Correct Answer:
B