Question #1
An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?
A. Perform a risk assessment
B. Disable user access
C. Develop an access control policy
D. Perform root cause analysis
Correct answer: A
Question #2
Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?
A. Corporate incident escalation protocols are established
B. Exposure is integrated into the organization's risk profile
C. Risk appetite cascades to business unit management
D. The organization-wide control budget is expanded
Correct answer: C
Question #3
A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. Which of the following is the MOST likely reason for senior management's response?
A. The underlying data source for the KRI is using inaccurate data and needs to be corrected
B. The KRI is not providing useful information and should be removed from the KRI inventory
C. The KRI threshold needs to be revised to better align with the organization's risk appetite
D. Senior management does not understand the KRI and should undergo risk training
Correct answer: C
Question #4
To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:
A. require the vendor to sign a nondisclosure agreement
B. clearly define the project scope
C. perform background checks on the vendor
D. notify network administrators before testing
Correct answer: A
Question #5
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
A. Report the gap to senior management
B. Consult with the IT department to update the RTO
C. Complete a risk exception form
D. Consult with the business owner to update the BCP
Correct answer: D
Question #6
The BEST key performance indicator (KPI) for monitoring adherence to an organization's user account provisioning practices is the percentage of:
A. accounts without documented approval
B. user accounts with default passwords
C. active accounts belonging to former personnel
D. accounts with dormant activity
Correct answer: B
Question #7
A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?
A. Recommend avoiding the risk
B. Validate the risk response with internal audit
C. Update the risk register
D. Evaluate outsourcing the process
Correct answer: A
Question #8
Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?
A. Ensuring availability of resources for log analysis
B. Implementing log analysis tools to automate controls
C. Ensuring the control is proportional to the risk
D. Building correlations between logs collected from different sources
Correct answer: C
Question #9
An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?
A. Review the risk identification process
B. Inform the risk scenario owners
C. Create a risk awareness communication plan
D. Update the risk register
Correct answer: C
Question #10
Which of the following is a detective control?
A. Limit check
B. Periodic access review
C. Access control software
D. Rerun procedures
Correct answer: D
Question #11
IT risk assessments can BEST be used by management:
A. for compliance with laws and regulations
B. as a basis for cost-benefit analysis
C. as input for decision-making
D. to measure organizational success
Correct answer: A
Question #12
It is MOST appropriate for changes to be promoted to production after they are:
A. communicated to business management
B. tested by business owners
C. approved by the business owner
D. initiated by business users
Correct answer: D
Question #13
Which of the following is MOST effective against external threats to an organization's confidential information?
A. Single sign-on
B. Data integrity checking
C. Strong authentication
D. Intrusion detection system
Correct answer: B
Question #14
Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?
A. Total cost to support the policy
B. Number of exceptions to the policy
C. Total cost of policy breaches
D. Number of inquiries regarding the policy
Correct answer: B
Question #15
An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?
A. The third party's management
B. The organization's management
C. The control operators at the third party
D. The organization's vendor management office
Correct answer: A
Question #16
When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?
A. Risk analysis results
B. Exception handling policy
C. Vulnerability assessment results
D. Benchmarking assessments
Correct answer: C
Question #17
An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?
A. Develop a compensating control
B. Allocate remediation resources
C. Perform a cost-benefit analysis
D. Identify risk responses
Correct answer: A
Question #18
Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?
A. Vulnerability scanning
B. Continuous monitoring and alerting
C. Configuration management
D. Access controls and active logging
Correct answer: C
Question #19
While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?
A. Ensuring the vendor does not know the encryption key
B. Engaging a third party to validate operational controls
C. Using the same cloud vendor as a competitor
D. Using field-level encryption with a vendor-supplied key
Correct answer: A
Question #20
The PRIMARY purpose of using control metrics is to evaluate the:
A. amount of risk reduced by compensating controls
B. amount of risk present in the organization
C. variance against objectives
D. number of incidents
Correct answer: A
Question #21
Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?
A. Derive scenarios from IT risk policies and standards
B. Map scenarios to a recognized risk management framework
C. Gather scenarios from senior management
D. Benchmark scenarios against industry peers
Correct answer: A
Question #22
Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?
A. Key performance indicators (KPIs)
B. Risk heat maps
C. Internal audit findings
D. Periodic penetration testing
Correct answer: B
Question #23
Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?
A. Relevance to the business process
B. Regulatory compliance requirements
C. Cost-benefit analysis
D. Comparison against best practice
Correct answer: A
Question #24
Which of the following criteria is MOST important when developing a response to an attack that would compromise data?
A. The recovery time objective (RTO)
B. The likelihood of a recurring attack
C. The organization's risk tolerance
D. The business significance of the information
Correct answer: D
Question #25
Which of the following is the MOST important element of a successful risk awareness training program?
A. Customizing content for the audience
B. Providing incentives to participants
C. Mapping to a recognized standard
D. Providing metrics for measurement
Correct answer: D
Question #26
Which of the following is the BEST method for assessing control effectiveness?
A. Ad hoc control reporting
B. Control self-assessment
C. Continuous monitoring
D. Predictive analytics
Correct answer: B
Question #27
Which of the following is the BEST indication of an effective risk management program?
A. Risk action plans are approved by senior management
B. Residual risk is within the organizational risk appetite
C. Mitigating controls are designed and implemented
D. Risk is recorded and tracked in the risk register
Correct answer: B
Question #28
When reporting on the performance of an organization's control environment, including which of the following would BEST inform stakeholders' risk decision-making?
A. The audit plan for the upcoming period
B. Spend to date on mitigating control implementation
C. A report of deficiencies noted during controls testing
D. A status report of control deployment
Correct answer: A