READ Free Dumps For ISACA - CISA
Question ID 22455 | Which of the following is a mechanism for mitigating risks?
Option A | Security and control practices
Option B | Property and liability insurance
Option C | Audit and certification
Option D | Contracts and service level agreements (SLAs)
Correct Answer | A
Explanation | Risks are mitigated by implementing appropriate security and control practices. Insurance is a mechanism for transferring risk. Audit and certification are mechanisms of risk assurance, while contracts and SLAs are mechanisms of risk allocation.
Question ID 22456 | When developing a risk management program, what is the FIRST activity to be performed?
Option A | Threat assessment
Option B | Classification of data
Option C | Inventory of assets
Option D | Criticality analysis
Correct Answer | C
Explanation | Identification of the assets to be protected is the first step in the development of a risk management program. A listing of the threats that can affect the performance of these assets and criticality analysis are later steps in the process. Data classification is required for defining access controls and in criticality analysis.