Page 45 - CITP Review

4.  As an external CITP consulting for ABC Company, you review the organization’s risk assessment
               (which you find accurate) and design controls to mitigate detected risks. To which primary
               stakeholder do you present your final suggestions?

                   a.  The company’s IT department.
                   b.  The company’s president.
                   c.  The company’s board of directors.
                   d.  The company’s CIO.

            5.  Which is not considered linked information?
                   a.  Place of birth.
                   b.  Home address.
                   c.  Email address.
                   d.  Date of birth.

            6.  You are approached by an organization to conduct a readiness assessment. Which will you be doing
               if you accept the engagement?
                   a.  Consulting on the design of cybersecurity related internal controls.
                   b.  Conducting a risk assessment.
                   c.  Conducting a vulnerability assessment.
                   d.  Identifying process gaps.

            7.  Who would be able to require entity management to provide additional knowledge about the
               company’s cybersecurity risk management program?
                   a.  Board of directors.
                   b.  Analysts and investors.
                   c.  Business partners.
                   d.  Industry regulators.

            8.  Which is a cybersecurity advisory service that could be performed by a CITP for ABC Company?

                   a.  GAAP audit.
                   b.  Readiness assessment.
                   c.  SOC for Cybersecurity engagement.
                   d.  An examination of security and privacy controls.

            9.  Which is a cybersecurity attest service that could be performed by a CITP for ABC Company?

                   a.  SOC for Cybersecurity engagement.
                   b.  Readiness assessment.
                   c.  GAAP audit.
                   d.  Security risk assessment.

            10. Which would be considered personally identifiable information (PII)?
                   a.  Full name.
                   b.  First name.
                   c.  Last name.
                   d.  Last four digits of Social Security number.





            © 2019 Association of International Certified Professional Accountants. All rights reserved.