1.
Regarding risk reduction, which of the following answers is BEST defined by the process of giving only just enough access to information necessary for them to perform their job functions?
2.
Which term BEST describes a practice used to detect fraud for users or a user by forcing them to be away from the workplace for a while?
 
3.
Which of the following is a fraud detection method whereby employees are moved from position to position?
4.
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:
5.
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
6.
In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated?
7.
Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce the risk?
8.
There is no way to completely abolish or avoid risks, you can only manage them. A risk free environment does not exist. If you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this this approach to risk management called?
9.
John is the product manager for an information system. His product has undergone under security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an IS auditor. Which of the following technique is used by John to treat the identified risk provided by an IS auditor?
10.
Sam is the security Manager of a financial institute. Senior management has requested he performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. What kind of a strategy should Sam recommend to the senior management to treat these risks?