Question #1
Which of the following is MOST helpful in identifying new risk exposures due to changes in the business environment?
A. Standard operating procedures
B. SWOT analysis
C. Industry benchmarking
D. Control gap analysis
Correct answer: A
Question #2
Which of the following is the BEST evidence that a user account has been properly authorized?
A. An email from the user accepting the account
B. Notification from human resources that the account is active
C. User privileges matching the request form
D. Formal approval of the account by the user's manager
Correct answer: C
Question #3
To implement the MOST effective monitoring of key risk indicators (KRIs), which of the following needs to be in place?
A. Threshold definition
B. Escalation procedures
C. Automated data feed
D. Controls monitoring
Correct answer: B
Question #4
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
A. Assess management's risk tolerance
B. Recommend management accept the low risk scenarios
C. Propose mitigating controls
D. Re-evaluate the risk scenarios associated with the control
Correct answer: D
Question #5
Employees are repeatedly seen holding the door open for others, so that trailing employees do not have to stop and swipe their own ID badges. This behavior BEST represents:
A. a threat
B. a vulnerability
C. an impact
D. a control
Correct answer: B
Question #6
Which of the following would BEST help an enterprise prioritize risk scenarios?
A. Industry best practices
B. Placement on the risk map
C. Degree of variances in the risk
D. Cost of risk mitigation
Correct answer: D
Question #7
A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?
A. Ensuring time synchronization of log sources
B. Ensuring the inclusion of external threat intelligence log sources
C. Ensuring the inclusion of all computing resources as log sources
D. Ensuring read-write access to all log sources
Correct answer: C
Question #8
Malware has recently affected an organization. The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:
A. a gap analysis
B. a root cause analysis
C. an impact assessment
D. a vulnerability assessment
Correct answer: B
Question #9
The PRIMARY reason for establishing various threshold levels for a set of key risk indicators (KRIs) is to:
A. highlight trends of developing risk
B. ensure accurate and reliable monitoring
C. take appropriate actions in a timely manner
D. set different triggers for each stakeholder
Correct answer: B
Question #10
Who is PRIMARILY accountable for risk treatment decisions?
A. Risk owner
B. Business manager
C. Data owner
D. Risk manager
Correct answer: B
Question #11
Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
A. Organizational reporting process
B. Incident reporting procedures
C. Regularly scheduled audits
D. Incident management policy
Correct answer: C
Question #12
The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:
A. align with audit results
B. benchmark with competitor's actions
C. reference best practice
D. focus on the business drivers
Correct answer: A
Question #13
Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?
A. Enhance the security awareness program
B. Increase the frequency of incident reporting
C. Purchase cyber insurance from a third party
D. Conduct a control assessment
Correct answer: B
Question #14
An organization delegates its data processing to the internal IT team to manage information through its applications. Which of the following is the role of the internal IT team in this situation?
A. Data controllers
B. Data processors
C. Data custodians
D. Data owners
Correct answer: C
Question #15
Which of the following should be of GREATEST concern to a risk practitioner when determining the effectiveness of IT controls?
A. Configuration updates do not follow formal change control
B. Operational staff perform control self-assessments
C. Controls are selected without a formal cost-benefit analysis
D. Management reviews security policies once every two years
Correct answer: A
Question #16
An organization has decided to outsource a web application, and customer data will be stored in the vendor's public cloud. To protect customer data, it is MOST important to ensure which of the following?
A. The organization's incident response procedures have been updated
B. The vendor stores the data in the same jurisdiction
C. Administrative access is only held by the vendor
D. The vendor's responsibilities are defined in the contract
Correct answer: A
Question #17
While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:
A. control is ineffective and should be strengthened
B. risk is inefficiently controlled
C. risk is efficiently controlled
D. control is weak and should be removed
Correct answer: B
Question #18
The BEST criteria when selecting a risk response is the:
A. capability to implement the response
B. importance of IT risk within the enterprise
C. effectiveness of risk response options
D. alignment of response to industry standards
Correct answer: B
Question #19
A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?
A. Invoke the established incident response plan
B. Inform internal audit
C. Perform a root cause analysis
D. Conduct an immediate risk assessment
Correct answer: A
Question #20
The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner's BEST recommendation?
A. Perform a root cause analysis
B. Perform a code review
C. Implement version control software
D. Implement training on coding best practices
Correct answer: A
