
The COSO framework is built on five interrelated components. Which of the follow


Question

1. The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

a. Control environment
b. Control activities
c. Risk assessment
d. InfoSec Governance

2. Which type of access controls can be role-based or task-based?

a. content-dependent
b. nondiscretionary
c. discretionary
d. constrained

3. Which of the following is NOT a category of access control?

a. mitigating
b. compensating
c. preventative
d. deterrent

4. Which of the following is the primary purpose of ISO/IEC 27001:2005?

a. Use within an organization to formulate security requirements and objectives
b. Use within an organization to ensure compliance with laws and regulations
c. Implementation of business-enabling information security
d. To enable organizations that adopt it to obtain certification

5. Which of the following is NOT a change control principle of the Clark-Wilson model?

a. No unauthorized changes by authorized subjects
b. No changes by unauthorized subjects
c. No changes by authorized subjects without external validation
d. The maintenance of internal and external consistency

Explanation / Answer


1. The five components of the COSO framework are:

I. Control Environment

II. Risk Assessment

III. Control Activities

IV. Information and Communication

V. Monitoring Activities.

Hence InfoSec Governance is not a component of the COSO framework. Therefore the correct option is d. InfoSec Governance.

2. A nondiscretionary access control can be role-based or task-based. Hence the correct option is b. Nondiscretionary.

3. Compensating, preventative and deterrent are types of access controls. Hence the correct option is a. Mitigating.

4. The primary purpose of ISO/IEC 27001:2005 is to formulate security requirements and objectives within an organization. Hence the correct option is a. Use within an organization to formulate security requirements and objectives.

5. No changes by authorized subjects without external validation is not a change control principle of the Clark-Wilson model. Hence the correct option is c. No changes by authorized subjects without external validation.
