Examice

Exam CBAP All QuestionsBrowse all questions from this exam

Question 439

A conservative company with rigorous risk control plans and internal audit rules has a recurrent problem with a core business application. As a result, access to this application must be restricted and controlled and maintenance must be on-site. However, the company feels that the application must have an emergency service team. The routine maintenance of this solution is provided by an external vendor and the vendor requested 24 hours remote access to quality and production data. In this context, what is the company's response to the vendor's request?

Denied, because the vendor requested it

Denied, because of the company's risk aversion

Accepted, because the company has an urgent problem to solve

Accepted, because immediate remote access will resolve any issue

Correct Answer: B

The company's conservative nature with rigorous risk control plans and internal audit rules means they prioritize security and control. Given that they have a recurrent problem with a core business application, they require restricted and controlled access and insist that maintenance must be on-site. This implies a significant level of risk aversion. Therefore, the request for 24 hours remote access from an external vendor goes against their stringent policies, making it necessary to deny the request to adhere to their risk management approach.

Discussion

rupakarthikOption: B

Ans-B. Read first 2 sentences.

DoomsdayNairOption: B

B. Denied, because of the company's risk aversion

rebelngOption: B

The answer is B. Company policy cannot be changed for routine maintenance.

Jules_CmrfrdOption: B

B. Denied, because of the company's risk aversion

Sha7rourOption: B

Answer is B , question said MUST be in house

OlivierPaudexOption: B

24 hours remote access and production data access is far too much to resolve a problem. I will go for B, denied because of risk aversion

binu801

How the maintenance will be done without access. either the org should do it in house , but if it decides to outsource it has to provide all necessary data and access- so between C and D

xiaoyangwu

remote access and onsite access are different, onsite access means inside the LAN, but remote access need through internet.