GSNA Question #57: Real Exam Question with Answer & Explanation

The correct answer is B. To analyze exposure to risk in order to support better decision-making and proper management C. To try to quantify the possible impact or loss of a threat D. To assist the auditor in identifying the risks and threats. There are many purposes of conducting risk analysis, which are as follows: To try to quantify the possible impact or loss of a threat To analyze exposure to risk in order to support better decision- making and proper management of those risks To support risk-based audit decisions

Question

John works as a Network Auditor for XYZ CORP. The company has a Windows-based network. John wants to conduct risk analysis for the company. Which of the following can be the purpose of this analysis? (Choose three)

Options

ATo ensure absolute safety during the audit
BTo analyze exposure to risk in order to support better decision-making and proper management
CTo try to quantify the possible impact or loss of a threat
DTo assist the auditor in identifying the risks and threats

Explanation

There are many purposes of conducting risk analysis, which are as follows: To try to quantify the possible impact or loss of a threat To analyze exposure to risk in order to support better decision- making and proper management of those risks To support risk-based audit decisions To assist the auditor in determining the audit objectives To assist the auditor in identifying the risks and threats Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.

Community Discussion

No community discussion yet for this question.

Full GSNA Practice