Page 1 out of 73. Viewing questions 1-15 out of 1089
Question 1
Topic 4
Topic 4 Which of the following is MOST helpful in preventing risk events from materializing?
A. Maintaining the risk register
B. Reviewing and analyzing security incidents
C. Establishing key risk indicators (KRIs)
D. Prioritizing and tracking issues
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 2
Topic 4
Topic 4 An organization will be impacted by a new data privacy regulation due to the location of its production facilities. What action should the risk practitioner take when evaluating the new regulation?
A. Perform an analysis of the new regulation to ensure current risk is identified.
B. Evaluate if the existing risk responses to the previous regulation are still adequate.
C. Assess the validity and perform update testing on data privacy controls.
D. Develop internal control assessments over data privacy for the new regulation.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
Topic 4
Topic 4 An organization has provided legal text explaining the rights and expected behavior of users accessing a system from geographic locations that have strong privacy regulations. Which of the following control types has been applied?
A. Detective
B. Preventive
C. Compensating
D. Directive
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 4
Topic 4
Topic 4 Which of the following would present the MOST significant risk to an organization when updating the incident response plan?
A. Undefined assignment of responsibility
B. Obsolete response documentation
C. Increased stakeholder turnover
D. Failure to audit third-party providers
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Topic 4
Topic 4 A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of the following should be the risk practitioner's NEXT step?
A. Identify resources for implementing responses.
B. Prepare a business case for the response options.
C. Update the risk register with the results.
D. Develop a mechanism for monitoring residual risk.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
Topic 4
Topic 4 Which of the following BEST helps to identify significant events that could impact an organization?
A. Vulnerability analysis
B. Scenario analysis
C. Heat map analysis
D. Control analysis
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 7
Topic 4
Topic 4 A risk practitioner is presenting the risk profile to management, indicating an increase in the number of successful network attacks. This information would be MOST helpful to:
A. determine the availability of network resources.
B. justify additional controls.
C. justify investing in a log collection system.
D. determine the frequency of monitoring.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
Topic 4
Topic 4 Which of the following MOST effectively limits the impact of a ransomware attack?
A. End user training
B. Cyber insurance
C. Data backups
D. Cryptocurrency reserve
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
Topic 4
Topic 4 A company has recently acquired a customer relationship management (CRM) application from a certified software vendor. Which of the following will BEST help to prevent technical vulnerabilities from being exploited?
A. Verify the software agreement indemnifies the company from losses.
B. Update the software with the latest patches and updates.
C. Review the source code and error reporting of the application.
D. Implement code reviews and quality assurance on a regular basis.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
Topic 4
Topic 4 A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the value added by the platform and the organization's risk appetite. Which of the following is the risk practitioners BEST course of action?
A. Update the risk register with the process changes.
B. Review risk related to standards and regulations.
C. Conduct a risk assessment with stakeholders.
D. Conduct third-party resilience tests.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 11
Topic 4
Topic 4 The PRIMARY reason for prioritizing risk scenarios is to:
A. facilitate risk response decisions.
B. support risk response tracking.
C. assign risk ownership.
D. provide an enterprise-wide view of risk.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
Topic 4
Topic 4 A third-party vendor has offered to perform user access provisioning and termination. Which of the following control accountabilities is BEST retained within the organization?
A. Reviewing access control lists
B. Performing user access recertification
C. Authorizing user access requests
D. Terminating inactive user access
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
Topic 4
Topic 4 In order to determine if a risk is under-controlled, the risk practitioner will need to:
A. determine the sufficiency of the IT risk budget
B. monitor and evaluate IT performance
C. identify risk management best practices
D. understand the risk tolerance
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 14
Topic 4
Topic 4 Which of the following is the BEST way to quantify the likelihood of risk materialization?
A. Balanced scorecard
B. Business impact analysis (BIA)
C. Threat and vulnerability assessment
D. Compliance assessments
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
Topic 4
Topic 4 Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?
A. Ensuring that risk and control assessments consider fraud
B. Implementing processes to detect and deter fraud
C. Providing oversight of risk management processes
D. Monitoring the results of actions taken to mitigate fraud