Question #1
Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?
A. Risk mitigation budget
B. Business impact analysis
C. Cost-benefit analysis
D. Return on investment
Correct answer: A
Question #2
Which of the following conditions presents the GREATEST risk to an application?
A. Application controls are manual
B. Application development is outsourced
C. Source code is escrowed
D. Developers have access to production environment
Correct answer: B
Question #3
The MAIN purpose of conducting a control self-assessment (CSA) is to:
A. gain a better understanding of the control effectiveness in the organization
B. gain a better understanding of the risk in the organization
C. adjust the controls prior to an external audit
D. reduce the dependency on external audits
Correct answer: C
Question #4
The PRIMARY objective of the board of directors periodically reviewing the risk profile is to help ensure:
A. the risk strategy is appropriate
B. KRIs and KPIs are aligned
C. performance of controls is adequate
D. the risk monitoring process has been established
Correct answer: C
Question #5
Which of the following is the BEST way to validate the results of a vulnerability assessment?
A. Perform a penetration test
B. Review security logs
C. Conduct a threat analysis
D. Perform a root cause analysis
Correct answer: B
Question #6
Improvements in the design and implementation of a control will MOST likely result in an update to:
A. inherent risk
B. residual risk
C. risk appetite
D. risk tolerance
Correct answer: C
Question #7
A risk practitioner is reporting on an increasing trend of ransomware attacks in the industry. Which of the following information is MOST important to include to enable an informed response decision by key stakeholders?
A. Methods of attack progression
B. Losses incurred by industry peers
C. Most recent antivirus scan reports
D. Potential impact of events
Correct answer: D
Question #8
Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?
A. Updating the risk register to include the risk mitigation plan
B. Determining processes for monitoring the effectiveness of the controls
C. Ensuring that control design reduces risk to an acceptable level
D. Confirming to management the controls reduce the likelihood of the risk
Correct answer: A
Question #9
An organization's financial analysis department uses an in-house forecasting application for business projections. Who is responsible for defining access roles to protect the sensitive data within this application?
A. IT risk manager
B. IT system owner
C. Information security manager
D. Business owner
Correct answer: D
Question #10
Quantifying the value of a single asset helps the organization to understand the:
A. overall effectiveness of risk management
B. consequences of risk materializing
C. necessity of developing a risk strategy
D. organization's risk threshold
Correct answer: C
Question #11
Who should be responsible for implementing and maintaining security controls?
A. End user
B. Internal auditor
C. Data owner
D. Data custodian
Correct answer: C
Question #12
Which of the following is MOST important when developing risk scenarios?
A. Reviewing business impact analysis (BIA)
B. Collaborating with IT audit
C. Conducting vulnerability assessments
D. Obtaining input from key stakeholders
Correct answer: C
Question #13
A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
A. communication
B. identification
C. treatment
D. assessment
Correct answer: B
Question #14
After identifying new risk events during a project, the project manager's NEXT step should be to:
A. determine if the scenarios need to be accepted or responded to
B. record the scenarios into the risk register
C. continue with a qualitative risk analysis
D. continue with a quantitative risk analysis
Correct answer: B
Question #15
A risk practitioner has just learned about new done FIRST?
A. Notify executive management
B. Analyze the impact to the organization
C. Update the IT risk register
D. Design IT risk mitigation plans
Correct answer: C
Question #16
Management has required information security awareness training to reduce the risk associated with credential compromise. What is the BEST way to assess the effectiveness of the training?
A. Conduct social engineering testing
B. Audit security awareness training materials
C. Administer an end-of-training quiz
D. Perform a vulnerability assessment
Correct answer: C
Question #17
Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?
A. Performing a benchmark analysis and evaluating gaps
B. Conducting risk assessments and implementing controls
C. Communicating components of risk and their acceptable levels
D. Participating in peer reviews and implementing best practices
Correct answer: D
Question #18
Which of the following is the BEST indicator of the effectiveness of IT risk management processes?
A. Percentage of business users completing risk training
B. Percentage of high-risk scenarios for which risk action plans have been developed
C. Number of key risk indicators (KRIs) defined
D. Time between when IT risk scenarios are identified and the enterprise's response
Correct answer: B
Question #19
A bank wants to send a critical payment order via email to one of its offshore branches. Which of the following is the BEST way to ensure the message reaches the intended recipient without alteration?
A. Add a digital certificate
B. Apply multi-factor authentication
C. Add a hash to the message
D. Add a secret key
Correct answer: B
Question #20
Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?
A. Better understanding of the risk appetite
B. Improving audit results
C. Enabling risk-based decision making
D. Increasing process control efficiencies
Correct answer: C
Question #21
Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?
A. Changes in control design
B. A decrease in the number of key controls
C. Changes in control ownership
D. An increase in residual risk
Correct answer: B
Question #22
Following a significant change to a business process, a risk practitioner believes the associated risk has been reduced. The risk practitioner should advise the risk owner to FIRST:
A. review the key risk indicators
B. conduct a risk analysis
C. update the risk register
D. reallocate risk response resources
Correct answer: D