
Question #1
In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?
A. The control catalog
B. The asset profile
C. Business objectives
D. Key risk indicators (KRIs)
Correct answer: C
Question #2
Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?
A. Maintain and review the classified data inventory
B. Implement mandatory encryption on data
C. Conduct an awareness program for data owners and users
D. Define and implement a data classification policy
Correct answer: D
Question #3
The GREATEST concern when maintaining a risk register is that:
A. impacts are recorded in qualitative terms
B. executive management does not perform periodic reviews
C. IT risk is not linked with IT assets
D. significant changes in risk factors are excluded
Correct answer: D
Question #4
Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?
A. A control self-assessment
B. A third-party security assessment report
C. Internal audit reports from the vendor
D. Service level agreement monitoring
Correct answer: B
Question #5
Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?
A. Percentage of unpatched IT assets
B. Percentage of IT assets without ownership
C. The number of IT assets securely disposed during the past year
D. The number of IT assets procured during the previous month
Correct answer: B
Question #6
Which of the following will BEST quantify the risk associated with malicious users in an organization?
A. Business impact analysis
B. Risk analysis
C. Threat risk assessment
D. Vulnerability assessment
Correct answer: C
Question #7
When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:
A. cost-benefit analysis
B. investment portfolio
C. key performance indicators (KPIs)
D. alignment with risk appetite
Correct answer: D
Question #8
An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:
A. reduce the risk to an acceptable level
B. communicate the consequences for violations
C. implement industry best practices
D. reduce the organization's risk appetite
Correct answer: A
Question #9
The BEST way to demonstrate alignment of the risk profile with business objectives is through:
A. risk scenarios
B. risk tolerance
C. risk policy
D. risk appetite
Correct answer: A
Question #10
Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?
A. Perform an in-depth code review with an expert
B. Validate functionality by running in a test environment
C. Implement a service level agreement
D. Utilize the change management process
Correct answer: A
Question #11
Which of the following would require updates to an organization's IT risk register?
A. Discovery of an ineffectively designed key IT control
B. Management review of key risk indicators (KRIs)
C. Changes to the team responsible for maintaining the register
D. Completion of the latest internal audit
Correct answer: A
Question #12
When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:
A. risk appetite
B. security policies
C. process maps
D. risk tolerance level
Correct answer: C
Question #13
Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
A. To enable consistent data on risk to be obtained
B. To allow for proper review of risk tolerance
C. To identify dependencies for reporting risk
D. To provide consistent and clear terminology
Correct answer: A
Question #14
Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?
A. Quantitative analysis might not be possible
B. Risk factors might not be relevant to the organization
C. Implementation costs might increase
D. Inherent risk might not be considered
Correct answer: B
Question #15
The PRIMARY benefit associated with key risk indicators (KRIs) is that they:
A. help an organization identify emerging threats
B. benchmark the organization's risk profile
C. identify trends in the organization's vulnerabilities
D. enable ongoing monitoring of emerging risk
Correct answer: D
Question #16
Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?
A. Updating multi-factor authentication
B. Monitoring key access control performance indicators
C. Analyzing access control logs for suspicious activity
D. Revising the service level agreement (SLA)
Correct answer: B
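The access control KPI in Question #16 is easy to state and rarely shown. The following is an added example, not part of the original quiz: it joins a constructed HR termination feed against constructed IAM deprovisioning log lines and reports the percentage of terminated accounts revoked inside an assumed 24-hour SLA, plus the individual breaches. The user names, timestamps, log format and SLA are all assumptions made for the illustration.

```python
"""Early-warning KPI for revocation of terminated employees' access.

Added example for this page (not part of the original quiz). The SLA, the
HR feed and the IAM log lines below are constructed assumptions.
"""
from datetime import datetime, timedelta

# Assumed SLA: access must be revoked within 24 hours of termination.
DEFAULT_SLA = timedelta(hours=24)

# Constructed HR feed: username -> termination timestamp.
HR_TERMINATIONS = {
    "alice": datetime(2024, 3, 1, 9, 0),
    "bob": datetime(2024, 3, 1, 17, 30),
    "carol": datetime(2024, 3, 2, 8, 0),
    "dave": datetime(2024, 3, 2, 12, 0),
}

# Constructed IAM log lines: "<ISO timestamp> <event> user=<name>".
IAM_LOG = """\
2024-03-01T10:15:00 ACCOUNT_DISABLED user=alice
2024-03-02T07:00:00 PASSWORD_RESET user=carol
2024-03-03T09:00:00 ACCOUNT_DISABLED user=bob
"""


def parse_disable_events(log: str) -> dict:
    """Return username -> earliest ACCOUNT_DISABLED timestamp seen in the log."""
    events = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "ACCOUNT_DISABLED":
            continue  # ignore unrelated events and malformed lines
        user = parts[2].split("=", 1)[1]
        ts = datetime.fromisoformat(parts[0])
        if user not in events or ts < events[user]:
            events[user] = ts
    return events


def revocation_kpi(terminations: dict, disables: dict, now: datetime,
                   sla: timedelta = DEFAULT_SLA):
    """Return (percent revoked within SLA, list of (user, disabled_at) breaches).

    A terminated user with no disable event counts as a breach only once the
    SLA window has elapsed; before that the case is pending and is left out
    of the denominator so the KPI is not skewed by fresh terminations.
    """
    within = 0
    breaches = []
    for user, terminated_at in terminations.items():
        disabled_at = disables.get(user)
        if disabled_at is None:
            if now - terminated_at > sla:
                breaches.append((user, None))  # overdue and still active
            continue  # otherwise pending: SLA clock still running
        if disabled_at - terminated_at <= sla:
            within += 1
        else:
            breaches.append((user, disabled_at))  # revoked, but late
    measured = within + len(breaches)
    pct = 100.0 * within / measured if measured else 100.0
    return pct, breaches


def kpi_report(as_of: str, sla_hours: int = 24):
    """Run the KPI over the constructed data as of an ISO-8601 timestamp."""
    pct, breaches = revocation_kpi(
        HR_TERMINATIONS, parse_disable_events(IAM_LOG),
        datetime.fromisoformat(as_of), timedelta(hours=sla_hours))
    return round(pct, 1), [(u, ts.isoformat() if ts else None) for u, ts in breaches]


if __name__ == "__main__":
    pct, breaches = kpi_report("2024-03-05T00:00:00")
    print(f"revoked within SLA: {pct}%")
    for user, when in breaches:
        state = "still active" if when is None else "disabled " + when
        print(f"  SLA breach: {user} ({state})")
```

The early warning comes from trending `pct` per reporting period and alerting on any `None` breach, which is an account still active past the SLA; an overdue-but-disabled entry is a process failure worth reviewing, but an overdue-and-active one is live exposure.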
Question #17
A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?
A. Business continuity manager (BCM)
B. Human resources manager (HRM)
C. Chief risk officer (CRO)
D. Chief information officer (CIO)
Correct answer: D
Question #18
A new policy has been published to forbid copying of data onto removable media. Which type of control has been implemented?
A. Preventive
B. Detective
C. Directive
D. Deterrent
Correct answer: A
Question #19
Who should be accountable for monitoring the control environment to ensure controls are effective?
A. Risk owner
B. Security monitoring operations
C. Impacted data owner
D. System owner
Correct answer: A
Question #20
Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?
A. Optimize the control environment
B. Realign risk appetite to the current risk level
C. Decrease the number of related risk scenarios
D. Reduce the risk management budget
Correct answer: A
Question #21
A control owner has completed a year-long project to strengthen existing controls. It is MOST important for the risk practitioner to:
A. update the risk register to reflect the correct level of residual risk
B. ensure risk monitoring for the project is initiated
C. conduct and document a business impact analysis (BIA)
D. verify cost-benefit of the new controls being implemented
Correct answer: A
Question #22
When updating a risk register with the results of an IT risk assessment, the risk practitioner should log:
A. high impact scenarios
B. high likelihood scenarios
C. treated risk scenarios
D. known risk scenarios
Correct answer: D
Question #23
Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?
A. Vulnerability and threat analysis
B. Control remediation planning
C. User acceptance testing (UAT)
D. Control self-assessment (CSA)
Correct answer: D
Question #24
An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?
A. A recommendation for internal audit validation
B. Plans for mitigating the associated risk
C. Suggestions for improving risk awareness training
D. The impact to the organization's risk profile
Correct answer: D
Question #25
Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?
A. Digital signatures
B. Encrypted passwords
C. One-time passwords
D. Digital certificates
Correct answer: A
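Question #25 turns on one property: a digital signature can be verified by anyone holding the public key but produced only by the holder of the private key, so the recipient of a transaction cannot later be accused of having made it up, and the signer cannot plausibly deny it. A shared-key MAC gives integrity but not this, because the recipient holds the same key. The following is an added example, not part of the original quiz: it uses a textbook RSA signature over a SHA-256 digest with deliberately small, unpadded toy keys (never use this construction in production) next to an HMAC over the same constructed transaction. The transaction text, key sizes and seeds are assumptions for the demonstration.

```python
"""Why a digital signature, and not a MAC, meets a nonrepudiation requirement.

Added example for this page, not part of the original quiz. Toy textbook RSA
(small unpadded keys) is used only to make the property visible; it is not a
production signature scheme.
"""
import hashlib
import hmac
import random


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def rsa_keygen(bits: int = 512, seed=None):
    """Return ((n, e), (n, d)). Toy key size; seed only for reproducible demos."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p == q or phi % e == 0:
            continue
        return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(message: bytes) -> int:
    # n is >= 2**510 for 512-bit keys, so a 256-bit digest is always < n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Signer-only operation: requires the private exponent d."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check a signature but cannot produce one."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message)


def mac(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo():
    """Return (genuine signature verifies, tampered message verifies,
    receiver's MAC equals sender's MAC)."""
    tx = b"transfer 1000 EUR from ACC-1 to ACC-2"  # constructed transaction
    pub, priv = rsa_keygen(seed=1)
    sig = sign(priv, tx)
    genuine = verify(pub, tx, sig)
    tampered = verify(pub, tx.replace(b"1000", b"9000"), sig)
    # Shared-key MAC: the receiver holds the same key, so the tag it computes
    # is identical to the sender's; a third party cannot tell who made it.
    key = b"shared-secret-known-to-both-parties"
    sender_tag = mac(key, tx)
    receiver_forgery = mac(key, tx)
    return genuine, tampered, hmac.compare_digest(sender_tag, receiver_forgery)


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The third value is the whole point of the question: both parties can produce a valid HMAC tag, so a tag proves nothing to an arbiter about who sent the transaction. Option D, digital certificates, only binds a public key to an identity; it is the signature made with the matching private key that supports nonrepudiation.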
Question #26
An organization has recently updated its disaster recovery plan (DRP). Which of the following would be the GREATEST risk if the new plan is not tested?
A. External resources may need to be involved
B. Data privacy regulations may be violated
C. Recovery costs may increase significantly
D. Service interruptions may be longer than anticipated
Correct answer: D
Question #27
An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?
A. The number of users who can access sensitive data
B. A list of unencrypted databases which contain sensitive data
C. The reason some databases have not been encrypted
D. The cost required to enforce encryption
Correct answer: B
