Master Isaca IT Risk Fundamentals Exam with Reliable Practice Questions
Upgrade to Premium
An enterprise has initiated a project to implement a risk-mitigating control. Which of the following would provide senior management with the MOST useful information on the project's status?
Correct : C
For senior management, a risk report provides the most useful information on the status of a project to implement a risk-mitigating control. Here's why:
Comprehensive Overview: A risk report offers a detailed overview of all identified risks, their current status, and the effectiveness of the controls in place. This comprehensive view is crucial for senior management to understand the progress and any remaining challenges.
Actionable Insights: Risk reports include actionable insights and recommendations, helping management make informed decisions about resource allocation, prioritizing efforts, and implementing further risk mitigation strategies.
Ongoing Monitoring: Regular risk reports allow for ongoing monitoring of the project's status, ensuring that any deviations from the planned risk mitigation activities are identified and addressed promptly.
Start a Discussions
Which of the following is the MAIN reason to include previously overlooked risk in a risk report?
Correct : A
Including previously overlooked risks in a risk report ensures the dashboard's completeness and comprehensiveness. Here's an explanation:
Comprehensive Risk Management: To achieve comprehensive risk management, it's essential to consider all potential risks, including those previously overlooked. This ensures that the risk dashboard reflects the true risk landscape of the organization.
Assurance of Completeness: Adding overlooked risks provides assurance to stakeholders that the risk management process is thorough and that no significant risks are ignored. This completeness is crucial for maintaining confidence in the organization's risk management efforts.
Start a Discussions
An enterprise that uses a two-factor authentication login method for accessing sensitive data has implemented which type of control?
Correct : A
An enterprise that uses a two-factor authentication login method for accessing sensitive data has implemented a preventive control. Here's why:
Preventive Control: This type of control is designed to prevent security incidents before they occur. Two-factor authentication (2FA) enhances security by requiring two forms of verification (e.g., a password and a mobile code) to access sensitive data. This prevents unauthorized access by ensuring that even if one authentication factor (like a password) is compromised, the second factor remains a barrier to entry.
Corrective Control: These controls come into play after an incident has occurred, aiming to correct or mitigate the impact. Examples include restoring data from backups or applying patches after a vulnerability is exploited. 2FA does not correct an incident but prevents it from happening.
Detective Control: These controls are designed to detect and alert about incidents when they happen. Examples include intrusion detection systems (IDS) and audit logs. 2FA is not about detection but about prevention.
Therefore, two-factor authentication is a preventive control.
Start a Discussions
Which of the following is the BEST control to prevent unauthorized user access in a remote work environment?
Correct : B
The best control to prevent unauthorized user access in a remote work environment is multi-factor authentication (MFA). Here's the explanation:
Read-Only User Privileges: While limiting user privileges to read-only can reduce the risk of unauthorized changes, it does not prevent unauthorized access entirely.
Multi-Factor Authentication (MFA): MFA requires users to provide two or more verification factors to gain access, making it significantly harder for unauthorized users to access systems, even if they obtain one of the factors (e.g., a password). This is particularly effective in a remote work environment where the risk of credential theft and unauthorized access is higher.
Monthly User Access Recertification: This involves periodically reviewing and validating user access rights. While important, it is a periodic check and does not provide immediate prevention of unauthorized access.
Therefore, MFA is the most effective control for preventing unauthorized user access in a remote work environment.
Start a Discussions
Which of the following is an example of a preventive control?
Correct : C
An example of a preventive control is data management checks on sensitive data processing procedures. Here's why:
File Integrity Monitoring (FIM) on Personal Database Stores: FIM is a detective control. It monitors changes to files and alerts administrators when unauthorized modifications occur.
Air Conditioning Systems with Excess Capacity to Permit Failure of Certain Components: This is an example of a contingency plan or redundancy, designed to ensure availability but not directly related to preventing security incidents.
Data Management Checks on Sensitive Data Processing Procedures: These checks are designed to ensure that data is processed correctly and securely from the start, preventing errors and unauthorized changes to sensitive data. This is a preventive measure as it aims to prevent issues before they occur.
Therefore, data management checks on sensitive data processing procedures are a preventive control.
Start a Discussions