IAP301

You review how you are going to manage your IT investment such as contracts, new policy ideas, service level agreements (SLAs) which are stated commitment to provide a specific service level". In which phase of COBIT 5.0 does this situation belong to?

Alice sends an email to Bob that says "I agree to purchase 100 widgets at $10 each." Bob receives the email and it is digitally signed by Alice's private key. The signature verifies that the email came from Alice. Later, Alice claims she never sent that email agreeing to purchase the widgets. However, Bob has the digitally signed email which proves the message came from Alice. What is the issue here ?

A major retailer recently began offering an augmented reality (AR) shopping app that allows customers to visualize products in their homes. During a routine security audit, the app developer uncovered that hackers could potentially access the smartphone cameras of users. Further, analysis showed that certain camera permissions were not configured properly, allowing malicious actors a way to activate cameras without the user's knowledge. Which of the following best describes the problem?

A company is developing a new web application and wants to ensure it follows industry standards for security, accessibility, and interoperability. For security, they decide to implement authentication following the OpenID Connect standard. This allows users to login with their existing accounts from Google, Facebook etc. rather than creating new credentials. For accessibility, they ensure the application complies with guidelines. This covers aspects like color contrast, keyboard navigation, and screen reader functionality. For interoperability, they use common web standards like HTTP, HTML5, CSS, and JavaScript. What does the company apply?

An audit that is done by government agencies that assess the company's

compliance with laws and regulations is called ________.

A hospital implements a new electronic health record (EHR) system. Shortly after deployment, nurses report that the system is very slow during peak hours of the day, delaying access to patient records. The hospital's IT team investigates and determines the EHR system is undersized for the number of concurrent users during busy shifts, causing performance lag. Which control should they apply to mitigate the problem?

What is an detective control?

a. A control that stops behavior immediately and does not rely on human decisions

b. A control that does not stop behavior immediately and relies on human decisions

c. A control that does not stop behavior immediately but automates notification of incident

d. A control that stops behavior immediately and relies on human decisions

While a company encrypt data and has security controls around data transmission/storage, there is still a risk that data could be inadvertently exposed or stolen in a sophisticated cyberattack. Which of the following best describes the problem?

a. risk exposure

b. risk appetite

c. residual risk

d. risk tolerance

A publicly traded company is preparing its quarterly financial statements. The CEO pressures the CFO to manipulate revenue numbers to make the company's growth appear stronger than it actually was to boost the stock price. The CFO reluctantly agrees to falsify the financials. This is a act of __________ violation.

Which of the following are control objectives for Payment Card Industry Data Security Standard (PCI DSS)?