
Oct-2024 Download Free Latest Exam IT-Risk-Fundamentals Certified Sample Questions
NEW QUESTION # 39
A business continuity plan (BCP) is:
- A. a methodical plan detailing the steps of incident response activities.
- B. a risk-related document that focuses on business impact assessments (BIAs).
- C. a document of controls that reduce the risk of losing critical processes.
Answer: B
Explanation:
Definition and Purpose:
* A Business Continuity Plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. It focuses on the processes and procedures necessary to ensure that critical business functions can continue.
BCP Components:
* The BCP typically includes Business Impact Assessments (BIAs), which identify critical functions and the impact of a disruption.
* It also encompasses risk assessments, recovery strategies, and continuity strategies for critical business functions.
Explanation of Options:
* Option A (a methodical plan detailing the steps of incident response activities) describes an Incident Response Plan (IRP) rather than a BCP.
* Option C (a document of controls that reduce the risk of losing critical processes) could be part of a BCP but is more characteristic of a risk management plan.
* Option B accurately reflects the BCP's focus on identifying and mitigating risks to business functions through BIAs, making it the most comprehensive and accurate description.
Conclusion:
* Therefore, option B correctly identifies a BCP as a document that focuses on BIAs to manage risks to critical business processes.
NEW QUESTION # 40
A risk practitioner has been asked to prepare a risk report by the end of the day that includes an analysis of the most significant risk events facing the organization. Which of the following would BEST enable the risk practitioner to meet the report deadline?
- A. Delphi method
- B. Markov analysis
- C. Monte Carlo simulation
Answer: A
Explanation:
The Delphi method is best suited for preparing a risk report with an analysis of the most significant risk events facing the organization within a short deadline. Here's why:
* Delphi Method: This method involves gathering expert opinions through a series of questionnaires, which are then aggregated and shared with the group for further refinement. It is a quick and effective way to reach a consensus on significant risk events due to its iterative process of anonymous feedback and revisions. This method can provide a structured and comprehensive analysis in a limited time frame.
* Markov Analysis: This is a stochastic process for modeling random systems that transition from one state to another. It requires substantial data and time to analyze probabilities of different states, making it less practical for a quick report.
* Monte Carlo Simulation: This method uses random sampling and statistical modeling to estimate the probability of different outcomes. While highly accurate and useful for complex risk scenarios, it is time-consuming and data-intensive, making it less suitable for a same-day deadline.
Therefore, the Delphi method is the best option for quickly preparing a risk report with significant risk events.
NEW QUESTION # 41
Which of the following is an example of a preventive control?
- A. Air conditioning systems with excess capacity to permit failure of certain components
- B. File integrity monitoring (FIM) on personal database stores
- C. Data management checks on sensitive data processing procedures
Answer: C
Explanation:
An example of a preventive control is data management checks on sensitive data processing procedures.
Here's why:
* File Integrity Monitoring (FIM) on Personal Database Stores: FIM is a detective control. It monitors changes to files and alerts administrators when unauthorized modifications occur.
* Air Conditioning Systems with Excess Capacity to Permit Failure of Certain Components: This is an example of a contingency plan or redundancy, designed to ensure availability but not directly related to preventing security incidents.
* Data Management Checks on Sensitive Data Processing Procedures: These checks are designed to ensure that data is processed correctly and securely from the start, preventing errors and unauthorized changes to sensitive data. This is a preventive measure as it aims to prevent issues before they occur.
Therefore, data management checks on sensitive data processing procedures are a preventive control.
NEW QUESTION # 42
Which of the following is used to estimate the frequency and magnitude of a given risk scenario?
- A. Risk governance
- B. Risk register
- C. Risk analysis
Answer: C
Explanation:
Risk analysis is used to estimate the frequency and magnitude of a given risk scenario. Here's the breakdown:
* Risk Analysis: This process involves identifying and evaluating risks to estimate their likelihood (frequency) and potential impact (magnitude). It includes both qualitative and quantitative methods to understand the nature of risks and their potential consequences.
* Risk Register: This is a tool used to document risks, including their characteristics and management strategies. It does not perform the analysis itself but records the results of the risk analysis process.
* Risk Governance: This refers to the framework and processes for managing risks at an enterprise level. It includes the policies, procedures, and structures to ensure effective risk management but does not directly involve estimating frequency and magnitude.
Therefore, risk analysis is the correct method for estimating the frequency and magnitude of a risk scenario.
NEW QUESTION # 43
The MOST important reason for developing and monitoring key risk indicators (KRIs) is that they provide:
- A. an early warning of possible risk materialization.
- B. measurable metrics for acceptable risk levels.
- C. information about control compliance.
Answer: A
Explanation:
Step by Step Comprehensive Detailed Explanation with All References:
* Purpose of KRIs:
* KRIs are designed to provide early warnings about potential risk events.
* They help organizations to take preventive actions before risks become critical issues.
* Early Warning System:
* KRIs are critical for proactive risk management, enabling organizations to respond quickly to changes in risk levels.
* They complement other risk management tools by focusing on early detection.
* References:
* ISA 315 (Revised 2019), Anlage 5 discusses the importance of timely and accurate information in managing and mitigating risks effectively.
NEW QUESTION # 44
Which type of assessment evaluates the changes in technical or operating environments that could result in adverse consequences to an enterprise?
- A. Vulnerability assessment
- B. Threat assessment
- C. Control self-assessment
Answer: B
Explanation:
A Threat Assessment evaluates changes in the technical or operating environments that could result in adverse consequences to an enterprise. This process involves identifying potential threats that could exploit vulnerabilities in the system, leading to significant impacts on the organization's operations, financial status, or reputation. It is essential to distinguish between different types of assessments:
* Vulnerability Assessment: Focuses on identifying weaknesses in the system that could be exploited by threats. It does not specifically evaluate changes in the environment but rather the existing vulnerabilities within the system.
* Threat Assessment: Involves evaluating changes in the technical or operating environments that could introduce new threats or alter the impact of existing threats. It looks at how external and internal changes could create potential risks for the organization. This assessment is crucial for understanding how the evolving environment can influence the threat landscape.
* Control Self-Assessment (CSA): A process where internal controls are evaluated by the employees responsible for them. It helps in identifying control gaps but does not specifically focus on changes in the environment or their impact.
Given these definitions, the correct type of assessment that evaluates changes in technical or operating environments that could result in adverse consequences to an enterprise is the Threat Assessment.
NEW QUESTION # 45
Which of the following is the BEST reason for an enterprise to avoid an absolute prohibition on risk?
- A. It may not provide adequate support for budget increases.
- B. It may lead to ineffective use of resources.
- C. It may not be understood by executive management.
Answer: B
Explanation:
An absolute prohibition on risk means that an enterprise avoids any and all forms of risk, regardless of potential benefits. This approach can lead to the following issues:
* Inefficiency in Resource Allocation: Absolute risk avoidance can cause an enterprise to allocate resources ineffectively. For example, by avoiding all risks, the enterprise may miss out on opportunities that could bring substantial benefits. Resources that could be invested in innovation or improvement are instead tied up in mitigating even the smallest of risks.
* Stifling Innovation and Growth: Enterprises that are overly risk-averse may hinder innovation and growth. Taking calculated risks is essential for driving new initiatives, products, or services. Without accepting some level of risk, companies might lag behind competitors who are willing to innovate and take strategic risks.
* Poor Risk Management Practices: By trying to avoid all risks, enterprises might develop a risk management strategy that is more about avoidance than mitigation and management. Effective risk management involves identifying, assessing, and mitigating risks, not completely avoiding them. This ensures that the company is prepared for potential challenges and can manage them proactively.
References:
* ISA 315 Anlage 5 and Anlage 6 discuss the importance of understanding and managing risks associated with IT environments. They highlight the need for a balanced approach to risk management that includes both manual and automated controls to handle various risk levels (e.g., operational, compliance, strategic).
* SAP Reports and Handbooks highlight the necessity of balancing risk with operational efficiency to maintain effective resource allocation and drive business objectives forward.
NEW QUESTION # 46
Which of the following is the PRIMARY reason for an organization to monitor and review I&T-related risk periodically?
- A. To facilitate the timely identification and replacement of legacy IT assets
- B. To address changes in external and internal risk factors
- C. To ensure risk is managed within acceptable limits
Answer: B
Explanation:
Monitoring and Reviewing IT-Related Risk:
* Periodic monitoring and reviewing of IT-related risks are essential to ensure that the organization can adapt to both internal and external changes that might affect risk levels.
Primary Reason:
* The primary reason for this ongoing process is to address changes in external (e.g., regulatory changes, market conditions) and internal (e.g., organizational changes, new IT deployments) risk factors.
* Risks are dynamic and can evolve due to various factors. Therefore, continuous monitoring helps in identifying new risks and changes in existing risks, ensuring that they are managed appropriately.
Comparison of Options:
* Option C (ensuring risk is managed within acceptable limits) is a significant outcome of monitoring but is not the primary driver for periodic review.
* Option A (facilitating the identification and replacement of legacy IT assets) is an operational concern but does not encompass the broader scope of risk management.
* Addressing changes in risk factors is a proactive approach that enables an organization to stay ahead of potential issues and maintain an effective risk management posture.
Conclusion:
* Thus, the primary reason for an organization to monitor and review IT-related risk periodically is to address changes in external and internal risk factors.
NEW QUESTION # 47
To address concerns of increased online skimming attacks, an enterprise is training the software development team on secure software development practices. This is an example of which of the following risk response strategies?
- A. Risk mitigation
- B. Risk acceptance
- C. Risk avoidance
Answer: A
Explanation:
The enterprise is addressing concerns about increased online skimming attacks by training the software development team on secure software development practices. This is an example of risk mitigation because it involves taking steps to reduce the likelihood or impact of the risk.
* Risk Response Strategies Overview:
* Risk Acceptance: Choosing to accept the risk without taking any action.
* Risk Avoidance: Taking action to completely avoid the risk.
* Risk Mitigation: Implementing measures to reduce the likelihood or impact of the risk.
* Risk Transfer: Shifting the risk to another party (e.g., through insurance).
* Explanation of Risk Mitigation:
* Risk mitigation involves implementing controls and measures that will lessen the risk's likelihood or impact.
* Training the software development team on secure software development practices directly addresses the potential vulnerabilities that could be exploited in online skimming attacks, thereby reducing the risk.
* References:
* ISA 315 (Revised 2019), Anlage 6 discusses the importance of understanding and implementing IT controls to mitigate risks associated with IT systems.
NEW QUESTION # 48
Which of the following is the GREATEST benefit of effective asset valuation?
- A. It assures that asset valuation is consistently applied to all assets across the enterprise.
- B. It protects the enterprise from paying more for protection than the net worth of the asset.
- C. It ensures assets are linked to processes and classified based on business value.
Answer: C
Explanation:
Effective asset valuation is crucial for several reasons, but the greatest benefit is its ability to ensure that assets are linked to processes and classified based on their business value. Here's a detailed explanation:
* Linking Assets to Processes:
* Understanding Asset Utilization: By valuing assets effectively, an organization can better understand how each asset is used in various processes. This linkage helps in optimizing the use of assets, ensuring that they contribute effectively to business operations.
* Enhancing Process Efficiency: When assets are correctly valued and linked to processes, it enables the organization to streamline operations, reduce waste, and improve overall efficiency.
* Classification Based on Business Value:
* Prioritization of Resources: Effective asset valuation allows the organization to prioritize resources towards assets that hold the highest business value. This means that critical assets that support key business processes receive the necessary attention and investment.
* Informed Decision Making: Accurate valuation provides management with the necessary information to make informed decisions about asset maintenance, replacement, and enhancement, ensuring that the assets continue to provide value to the business.
* Risk Management:
* Mitigating Financial Risks: By knowing the exact value of assets, the organization can avoid over-investing or under-investing in protection measures. This balance helps in mitigating financial risks associated with asset management.
* Compliance and Reporting: Proper asset valuation ensures compliance with financial reporting standards and regulations, thereby reducing the risk of legal or regulatory issues.
References:
* The importance of linking assets to business processes and their classification based on business value is emphasized in various audit and IT management frameworks, including COBIT and ITIL.
* ISA 315 highlights the importance of understanding the entity's information system and relevant controls, which includes the valuation and management of assets.
NEW QUESTION # 49
A key risk indicator (KRI) is PRIMARILY used for which of the following purposes?
- A. Predicting risk events
- B. Facilitating dashboard reporting
- C. Optimizing risk management
Answer: A
Explanation:
* Primary Use of KRIs:
* KRIs are primarily used to predict risk events by providing measurable data that signals potential issues.
* This predictive capability helps organizations to mitigate risks before they escalate.
* Risk Prediction:
* Effective KRIs allow organizations to foresee potential risks and implement measures to address them proactively.
* This improves the overall risk management process by reducing the likelihood and impact of risk events.
* References:
* ISA 315 (Revised 2019), Anlage 6 emphasizes the use of indicators and metrics to monitor and predict risks within an organization's IT and operational environments.
NEW QUESTION # 50
Which of the following includes potential risk events and the associated impact?
- A. Risk policy
- B. Risk profile
- C. Risk scenario
Answer: C
Explanation:
A risk scenario includes potential risk events and the associated impact. Here's the detailed breakdown:
* Risk Scenario: This describes potential events that could affect the organization and includes detailed descriptions of the circumstances, events, and potential impacts. It helps in understanding what could happen and how it would impact the organization.
* Risk Policy: This outlines the overall approach and guidelines for managing risk within the organization. It does not detail specific events or impacts.
* Risk Profile: This provides an overview of the risk landscape, summarizing the types and levels of risk the organization faces. It is more of a high-level summary rather than detailed potential events and impacts.
Therefore, a risk scenario is the most detailed in terms of potential risk events and their associated impacts.
NEW QUESTION # 51
Which of the following MUST be established in order to manage I&T-related risk throughout the enterprise?
- A. An enterprise risk governance committee
- B. The enterprise risk universe
- C. Industry best practices for risk management
Answer: A
Explanation:
To manage IT-related risk throughout the enterprise, it is crucial to establish an enterprise risk governance committee. This committee provides oversight and direction for the risk management activities across the organization. It ensures that risks are identified, assessed, and managed in alignment with the organization's risk appetite and strategy. The committee typically includes senior executives and stakeholders who can influence policy and resource allocation. This structure supports a comprehensive approach to risk management, integrating risk considerations into decision-making processes. This requirement is in line with guidance from frameworks such as COBIT and ISO 27001, which emphasize governance structures for effective risk management.
NEW QUESTION # 52
The use of risk scenarios to guide senior management through a rapidly changing market environment is considered a key risk management
- A. incentive.
- B. capability.
- C. benefit.
Answer: C
NEW QUESTION # 53
Which of the following is the MOST important aspect of key performance indicators (KPIs)?
- A. KPIs aid management in monitoring the organization's IT infrastructure capacity.
- B. KPIs identify underperforming assets that may impact the achievement of operational goals.
- C. KPIs provide inputs for monitoring the usage of IT assets to determine return on investment (ROI).
Answer: B
Explanation:
Definition and Importance of KPIs:
* Key Performance Indicators (KPIs) are measurable values that demonstrate how effectively an organization is achieving key business objectives. They are critical for assessing performance against targets.
Primary Aspect of KPIs:
* The primary aspect of KPIs is their ability to identify underperforming assets or processes that may impact the achievement of operational goals. This aligns with the fundamental purpose of KPIs, which is to measure performance and indicate areas that need improvement.
* By identifying underperforming assets, management can take corrective actions to align performance with strategic objectives, ensuring that the organization remains on track to achieve its goals.
Comparison of Options:
* Options A and C are important functions of KPIs, but they are not the primary focus. Monitoring infrastructure capacity (A) and IT asset usage and ROI (C) are specific applications of KPIs but do not encompass the overall critical aspect of identifying performance issues that impact operational goals.
* Effective KPIs should provide a comprehensive view that helps in identifying critical performance gaps impacting the organization's objectives.
Conclusion:
* Therefore, the most important aspect of KPIs is that they identify underperforming assets that may impact the achievement of operational goals.
NEW QUESTION # 54
Which of the following are control conditions that exist in IT systems and may be exploited by an attacker?
- A. Vulnerabilities
- B. Threats
- C. Cybersecurity risk scenarios
Answer: A
Explanation:
Control conditions that exist in IT systems and may be exploited by an attacker are known as vulnerabilities.
Here's the breakdown:
* Cybersecurity Risk Scenarios: These are hypothetical situations that outline potential security threats and their impact on an organization. They are not specific control conditions but rather a part of risk assessment and planning.
* Vulnerabilities: These are weaknesses or flaws in the IT systems that can be exploited by attackers to gain unauthorized access or cause damage. Vulnerabilities can be found in software, hardware, or procedural controls, and addressing these is critical for maintaining system security.
* Threats: These are potential events or actions that can exploit vulnerabilities to cause harm. While threats are important to identify, they are not the control conditions themselves but rather the actors or events that take advantage of these conditions.
Thus, the correct answer is vulnerabilities, as these are the exploitable weaknesses within IT systems.
NEW QUESTION # 55
Why is risk identification important to an organization?
- A. It enables the risk register to detail potential impacts to an enterprise's business processes.
- B. It provides a review of previous and likely threats to the enterprise.
- C. It ensures risk is recognized and the impact to business objectives is understood.
Answer: C
Explanation:
Risk identification is critical because it ensures that risk is recognized and the impact on business objectives is understood. Here's why:
* Provides a review of previous and likely threats to the enterprise: While this is part of risk identification, it does not encompass the primary purpose. Reviewing past threats helps in understanding historical risks but does not address the recognition and understanding of current and future risks.
* Ensures risk is recognized and the impact to business objectives is understood: This is the essence of risk identification. It helps in identifying potential risks and understanding how these risks can impact the achievement of business objectives. Recognizing risks allows organizations to proactively address them before they materialize.
* Enables the risk register to detail potential impacts to an enterprise's business processes: This is a result of risk identification, but the primary importance lies in the recognition and understanding of risks.
Therefore, risk identification is crucial as it ensures that risks are recognized and their impacts on business objectives are understood.
NEW QUESTION # 56
An enterprise has initiated a project to implement a risk-mitigating control. Which of the following would provide senior management with the MOST useful information on the project's status?
- A. Risk heat map
- B. Risk report
- C. Risk register
Answer: B
Explanation:
For senior management, a risk report provides the most useful information on the status of a project to implement a risk-mitigating control. Here's why:
* Comprehensive Overview: A risk report offers a detailed overview of all identified risks, their current status, and the effectiveness of the controls in place. This comprehensive view is crucial for senior management to understand the progress and any remaining challenges.
* Actionable Insights: Risk reports include actionable insights and recommendations, helping management make informed decisions about resource allocation, prioritizing efforts, and implementing further risk mitigation strategies.
* Ongoing Monitoring: Regular risk reports allow for ongoing monitoring of the project's status, ensuring that any deviations from the planned risk mitigation activities are identified and addressed promptly.
* References: According to professional auditing standards like ISA 315, ongoing communication and reporting on risk management activities are vital for effective governance and oversight by senior management.
NEW QUESTION # 57
The MOST important reason to monitor implemented controls is to ensure the controls:
- A. enable IT operations to meet agreed service levels.
- B. mitigate risk associated with regulatory noncompliance.
- C. are effective and manage risk to the desired level.
Answer: C
Explanation:
Importance of Monitoring Controls:
* Monitoring implemented controls is a critical aspect of risk management and audit practices. The primary goal is to ensure that the controls are functioning as intended and effectively mitigating identified risks.
Effectiveness and Risk Management:
* Controls are put in place to manage risks to acceptable levels, as determined by the organization's risk appetite and risk management framework. Regular monitoring helps in verifying the effectiveness of these controls and whether they continue to manage risks appropriately.
* References from the ISA 315 standard emphasize the importance of evaluating and monitoring controls to ensure they address the risks they were designed to mitigate.
Other Considerations:
* While enabling IT operations to meet agreed service levels (A) and mitigating regulatory compliance risks (B) are important, they are secondary to the primary purpose of ensuring controls are effective in managing risk.
* Effective risk management encompasses meeting service levels and compliance, but these are outcomes of having robust, effective controls.
Conclusion:
* Therefore, the most important reason to monitor implemented controls is to ensure they are effective and manage risk to the desired level.
NEW QUESTION # 58
Which of the following is the MAIN objective of governance?
- A. Creating value through investments for the organization
- B. Creating risk awareness at all levels of the organization
- C. Creating controls throughout the entire organization
Answer: A
Explanation:
Governance is primarily concerned with ensuring that an organization achieves its objectives, operates efficiently, and adds value to its stakeholders. The main objective of governance is to create value through investments for the organization. This encompasses making strategic decisions that align with the organization's goals, ensuring that resources are used effectively, and that the organization's activities are sustainable and provide long-term benefits. While creating controls and risk awareness are essential aspects of governance, they serve the broader goal of value creation through strategic investments. This concept is aligned with principles found in corporate governance frameworks and standards such as ISO/IEC 38500 and COBIT (Control Objectives for Information and Related Technologies).
NEW QUESTION # 59
Which of the following statements on an organization's cybersecurity profile is BEST suited for presentation to management?
- A. The probability of a cyber attack varies between unlikely and very likely.
- B. Risk management believes the likelihood of a cyber attack is not imminent.
- C. Security measures are configured to minimize the risk of a cyber attack.
Answer: C
Explanation:
Communicating Cybersecurity Profile:
* When presenting the organization's cybersecurity profile to management, it is crucial to focus on the effectiveness of the security measures in place and their ability to minimize risks.
Clarity and Relevance:
* Statement A ("The probability of a cyber attack varies between unlikely and very likely") is too vague and does not provide actionable information.
* Statement B ("Risk management believes the likelihood of a cyber attack is not imminent") lacks specificity and does not detail the measures taken.
Effectiveness of Security Measures:
* Statement C highlights the proactive steps taken to configure security measures to minimize risk. This approach is more likely to instill confidence in management about the current cybersecurity posture.
* According to best practices in IT risk management, as outlined in various frameworks such as NIST and ISO 27001, focusing on the effectiveness and configuration of security controls is key to managing cybersecurity risks.
Conclusion:
* Thus, the statement best suited for presentation to management is: Security measures are configured to minimize the risk of a cyber attack.
NEW QUESTION # 60
For risk reporting to adequately reflect current risk management capabilities, the risk report should be based on the enterprise:
- A. risk appetite.
- B. risk profile.
- C. risk management framework.
Answer: B
Explanation:
* Understanding Risk Reporting:
* For risk reporting to accurately reflect current risk management capabilities, it should be based on the organization's current risk profile, which provides a comprehensive view of all identified risks, their severity, and their impact on the organization.
* Components of Risk Reporting:
* Risk Management Framework (C) provides the overall approach and guidelines for managing risk but does not reflect the current state of risks.
* Risk Appetite (A) defines the level of risk the organization is willing to accept but does not detail the current risks being managed.
* Current Risk Profile:
* The risk profile offers a detailed snapshot of the current risks, including emerging risks, changes in existing risks, and the effectiveness of the controls in place to manage these risks.
* This aligns with guidelines from frameworks such as ISO 31000 and COSO ERM, which stress the importance of a dynamic and current view of the risk landscape for effective risk reporting.
* Conclusion:
* Therefore, to reflect current risk management capabilities, the risk report should be based on the enterprise's risk profile.
NEW QUESTION # 61