Communicate the results, Prevent misunderstanding of the results, and Facilitate follow-up corrective
action. - Answers What is the purpose of the audit report?
Executive Summary - Answers A concise yet informative review intended for senior level management or
those with decision-making power.
A single page or multiple pages - Answers An executive summary can be how long?
Qualified Opinion - Answers The auditor notes one or more conditional exceptions were found.
Unqualified Opinion - Answers The auditor found no discovered exceptions.
Intro, Objective and Scope, Methodology, Finding, Recommendations, Action plan - Answers
Components found in the final report as well as the executive summary.
Criteria - Answers This provides the context for evaluating the evidence collected by the auditor and the
subsequent procedures the auditor performs.
Circumstance - Answers This identifies the situation within the IT environment that exists.
Cause - Answers This identifies the reason for the gap between the circumstance and the criteria.
Impact - Answers This identifies the effect or potential impact on the IT landscape based on the
difference between the circumstance and the desired state.
Introduction - Answers This provides the purpose and scope of the assessment. This includes the
systems, personnel, locations, and other details about the assessed environment.
Approach - Answers This describes the methods taken. This includes those involved as part of the
assessment and the techniques and tools used to collect information.
System Characterization - Answers This provides details about the infrastructure systems. This includes
the hardware, software, data, interfaces, and associated users.
Threat Statement - Answers This is a complete outline of potential threat sources and associated
activities.
Summary - Answers This provides a concise review of the observations as well as risk levels. This may
include any recommendations.
High 1.0 - Answers The threat source is highly motivated and sufficiently capable and controls to prevent
the vulnerability from being exercised are ineffective.
Medium 0.5 - Answers The threat source is motivated and capable but controls are in place that may
impede successful exercise of the vulnerability.