GIAC Systems and Network Auditor GSNA Question # 24 Topic 3 Discussion
GSNA Exam Topic 3 Question 24 Discussion:
Question #: 24
Topic #: 3
John works as a Network Auditor for XYZ CORP. The company has a Windows-based network. John wants to conduct risk analysis for the company. Which of the following can be the purpose of this analysis? (Choose three)
A.
To ensure absolute safety during the audit
B.
To analyze exposure to risk in order to support better decision-making and proper management of those risks
C.
To try to quantify the possible impact or loss of a threat
D.
To assist the auditor in identifying the risks and threats
There are many purposes of conducting risk analysis, which are as follows: To try to quantify the possible impact or loss of a threat To analyze exposure to risk in order to support better decision-making and proper management of those risks To support risk-based audit decisions To assist the auditor in determining the audit objectives To assist the auditor in identifying the risks and threats Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit