Deck 14: IT Risk Analysis and Risk Management
1
A given threat is usually associated with one risk
False
2
If assessed using the NIST 800-39 framework, the risk estimate is an accurate measure of the IT risk facing the organization
False
3
In the NIST 800-39 framework, risk monitoring

A) Addresses how organizations respond to risks
B) Identifies and aggregates the risks facing the organization
C) Describes the environment in which risk-based decisions are made
D) Evaluates the effectiveness of the organization's risk-management plan
D
4
Section 302 of the Sarbanes-Oxley Act of 2002 specifies that

A) Penalties for non-compliance with the law
B) Attestations are made in accordance with PCAOB standards
C) Signing officers take personal responsibility for the reported financial statements
D) Privacy requirements for healthcare records
5
The motivation for the passage of the Sarbanes-Oxley Act was

A) Failure of Internet technologies
B) Denial of culpability by senior executives for falsification of records
C) To prevent stock market crashes
D) To recover retiree savings
6
Section 404 of the Sarbanes-Oxley Act of 2002 specifies that

A) The signing officer has reviewed financial statements
B) Penalties for non-compliance with the law
C) Privacy requirements for healthcare records have been followed
D) Attestations are made in accordance with PCAOB standards
7
In the NIST 800-39 framework, risk response

A) Addresses how organizations respond to risks
B) Identifies and aggregates the risks facing the organization
C) Describes the environment in which risk-based decisions are made
D) Evaluates the effectiveness of the organization's risk-management plan
8
The NIST risk management framework includes

A) Profits, losses
B) Agent, action, asset
C) Assets, threats, vulnerabilities, controls
D) Frame, assess, monitor, respond
9
The management model that guides the ISO risk management methodology is

A) Toyota's Muda, Kaizen, Jidoka, Muri
B) Juran's planning, control, improvement
C) Shewhart's mean, range, standard error
D) Deming's Plan-Do-Check-Act
10
IT risk is

A) The risk associated with the use of IT in an organization
B) A quantified measure of the potential damage caused by a specified threat
C) IT resource or information that is to be protected
D) Weaknesses in an IT system that can lead to a compromise of an asset
11
A certain risk has a 1% likelihood of occurrence in the coming year. If the risk is observed, the organization estimates a loss of $1 million. The risk is then assessed as

A) 1%
B) $1,000,000
C) 1,000
D) $10,000
12
The Sarbanes-Oxley Act applies to

A) Internal control over financial reporting by publicly traded companies
B) Internal control over financial reporting by all financial entities
C) Privacy of healthcare information
D) External audits of publicly traded companies
13
Risk is

A) A quantified measure of the potential damage caused by a specified threat
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset
14
Risk is quantified by taking the product of

A) Hours and hourly rates
B) GDP and growth rate
C) Likelihood and magnitude
D) Risk frame and risk assessment
15
As described in the text, a statement of a risk includes

A) Agent, threat, asset, damage
B) Agent, action, damage, threat
C) Agent, action, asset, damage
D) Threat, asset, action, damage
16
In the NIST 800-39 framework, risk assessment

A) Addresses how organizations respond to risks
B) Identifies and aggregates the risks facing the organization
C) Describes the environment in which risk-based decisions are made
D) Evaluates the effectiveness of the organization's risk-management plan
17
A certain risk has a 1% likelihood of occurrence in the coming year. If the risk is observed, the organization estimates a loss of $1 million. A second risk has a 15% likelihood of occurrence in the coming year. If the second risk is observed, the organization estimates a loss of $100,000. Comparing the two risks

A) Risk 2 is greater than risk 1
B) Risk 1 is greater than risk 2
C) Risk 2 is equal to risk 1
D) Risk 2 is negligible
18
The NIST risk-management framework is specified in the NIST document

A) 27002
B) 404
C) 800-39
D) 27000
19
In the NIST 800-39 framework, the risk frame

A) Addresses how organizations respond to risks
B) Identifies and aggregates the risks facing the organization
C) Describes the environment in which risk-based decisions are made
D) Evaluates the effectiveness of the organization's risk-management plan
20
Risk management is

A) A quantified measure of the potential damage caused by a specified threat
B) Managing the financial impacts of unusual events
C) Avoiding risks
D) Avoiding uncertainty
21
The verification of IT general controls as part of a SOX audit follows a

A) Top-down procedure
B) Bottom-up procedure
C) Either of the above, depending upon the organization
D) Both the above, to ensure comprehensive coverage
22
Internal controls over financial reporting involve all of the following except

A) A process
B) Supervision of the company's principal executives
C) Profit guidance
D) Maintenance of records
23
Section 906 of the Sarbanes-Oxley Act of 2002 specifies

A) Penalties for non-compliance with the law
B) That the signing officer has reviewed financial statements
C) Privacy requirements for healthcare records have been followed
D) That attestations are made in accordance with PCAOB standards
24
IT general controls are controls that

A) Only affect non-financial systems such as email systems
B) Involve the most important financial applications
C) Are directly supervised by the organization's senior leadership
D) Involve the underlying IT systems which support financial applications
25
The PCAOB created by the Sarbanes-Oxley Act of 2002

A) Defines the format of annual financial reports
B) Oversees auditors and defines auditing standards
C) Performs independent audits of suspect firms
D) Regulates the stock market