ISACA CRISC Practice Test

Certified in Risk and Information Systems Control

Last exam update: Jun 09, 2025
Page 1 out of 73. Viewing questions 1-15 out of 1089

Question 1 Topic 4
Which of the following is MOST helpful in preventing risk events from materializing?

  • A. Maintaining the risk register
  • B. Reviewing and analyzing security incidents
  • C. Establishing key risk indicators (KRIs) Most Votes
  • D. Prioritizing and tracking issues
Answer: B

User votes: A 6, B 10, C 15, D 7

Discussions
SowndharyaRaj
8 months, 1 week ago

Asdffgghhjjk

hmsrumi
4 months, 3 weeks ago

C. Establishing key risk indicators (KRIs)

Pronel
3 months, 4 weeks ago

A. Maintaining the risk register

Agnes
3 weeks, 3 days ago

Key Risk Indicators (KRIs) are metrics used to provide early signals of increasing risk exposures in various areas of an organization. KRIs help organizations detect potential issues before they become actual problems, allowing for proactive risk management and mitigation. This makes them most helpful in preventing risk events from materializing.

Here's how the other options compare:

A. Maintaining the risk register: Important for documentation and tracking known risks, but it is more about record-keeping than prevention.

B. Reviewing and analyzing security incidents: Valuable for reactive analysis and improving future defenses, but it addresses risks after they have occurred.

D. Prioritizing and tracking issues: Useful for managing known issues, not for early identification or preventing potential risks.


Question 2 Topic 4

An organization will be impacted by a new data privacy regulation due to the location of its production facilities. What action should the risk practitioner take when evaluating the new regulation?

  • A. Perform an analysis of the new regulation to ensure current risk is identified. Most Votes
  • B. Evaluate if the existing risk responses to the previous regulation are still adequate.
  • C. Assess the validity and perform update testing on data privacy controls.
  • D. Develop internal control assessments over data privacy for the new regulation.
Answer: A

User votes: A 12, B 4, C 2, D 5

Question 3 Topic 4

An organization has provided legal text explaining the rights and expected behavior of users accessing a system from geographic locations that have strong privacy regulations. Which of the following control types has been applied?

  • A. Detective
  • B. Preventive
  • C. Compensating
  • D. Directive Most Votes
Answer: D

User votes: A 2, B 8, C none, D 10

Question 4 Topic 4
Which of the following would present the MOST significant risk to an organization when updating the incident response plan?

  • A. Undefined assignment of responsibility Most Votes
  • B. Obsolete response documentation
  • C. Increased stakeholder turnover
  • D. Failure to audit third-party providers
Answer: A

User votes: A 12, B 3, C none, D 3

Question 5 Topic 4

A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of the following should be the risk practitioner's NEXT step?

  • A. Identify resources for implementing responses.
  • B. Prepare a business case for the response options.
  • C. Update the risk register with the results. Most Votes
  • D. Develop a mechanism for monitoring residual risk.
Answer: C

User votes: A 1, B 5, C 11, D none

Question 6 Topic 4
Which of the following BEST helps to identify significant events that could impact an organization?

  • A. Vulnerability analysis
  • B. Scenario analysis
  • C. Heat map analysis
  • D. Control analysis
Answer: A

User votes: A 8, B 4, C 3, D none

Question 7 Topic 4

A risk practitioner is presenting the risk profile to management, indicating an increase in the number of successful network attacks. This information would be MOST helpful to:

  • A. determine the availability of network resources.
  • B. justify additional controls. Most Votes
  • C. justify investing in a log collection system.
  • D. determine the frequency of monitoring.
Answer: B

User votes: A none, B 11, C 3, D 3

Question 8 Topic 4
Which of the following MOST effectively limits the impact of a ransomware attack?

  • A. End user training
  • B. Cyber insurance
  • C. Data backups
  • D. Cryptocurrency reserve
Answer: A

User votes: A 6, B 2, C 6, D 1

Question 9 Topic 4

A company has recently acquired a customer relationship management (CRM) application from a certified software vendor. Which of the following will BEST help to prevent technical vulnerabilities from being exploited?

  • A. Verify the software agreement indemnifies the company from losses.
  • B. Update the software with the latest patches and updates. Most Votes
  • C. Review the source code and error reporting of the application.
  • D. Implement code reviews and quality assurance on a regular basis.
Answer: B

User votes: A 2, B 10, C 1, D 2

Question 10 Topic 4

A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the value added by the platform and the organization's risk appetite. Which of the following is the risk practitioner's BEST course of action?

  • A. Update the risk register with the process changes.
  • B. Review risk related to standards and regulations.
  • C. Conduct a risk assessment with stakeholders.
  • D. Conduct third-party resilience tests.
Answer: C

User votes: A 1, B 2, C 9, D 1

Question 11 Topic 4
The PRIMARY reason for prioritizing risk scenarios is to:

  • A. facilitate risk response decisions.
  • B. support risk response tracking.
  • C. assign risk ownership.
  • D. provide an enterprise-wide view of risk.
Answer: A

User votes: A 9, B none, C 3, D 1

Question 12 Topic 4

A third-party vendor has offered to perform user access provisioning and termination. Which of the following control accountabilities is BEST retained within the organization?

  • A. Reviewing access control lists
  • B. Performing user access recertification
  • C. Authorizing user access requests
  • D. Terminating inactive user access
Answer: C

User votes: A 3, B 2, C 9, D none

Question 13 Topic 4
In order to determine if a risk is under-controlled, the risk practitioner will need to:

  • A. determine the sufficiency of the IT risk budget
  • B. monitor and evaluate IT performance
  • C. identify risk management best practices
  • D. understand the risk tolerance Most Votes
Answer: D

User votes: A none, B none, C none, D 13

Question 14 Topic 4
Which of the following is the BEST way to quantify the likelihood of risk materialization?

  • A. Balanced scorecard
  • B. Business impact analysis (BIA)
  • C. Threat and vulnerability assessment Most Votes
  • D. Compliance assessments
Answer: C

User votes: A 1, B 3, C 10, D none

Question 15 Topic 4
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

  • A. Ensuring that risk and control assessments consider fraud
  • B. Implementing processes to detect and deter fraud Most Votes
  • C. Providing oversight of risk management processes
  • D. Monitoring the results of actions taken to mitigate fraud
Answer: B

User votes: A 3, B 10, C none, D 1