Question #1
Which of the following BEST enables a risk practitioner to enhance understanding of risk among stakeholders?
A. Key risk indicators
B. Risk scenarios
C. Business impact analysis
D. Threat analysis
Correct answer: C
Question #2
Which of the following would be considered a vulnerability?
A. Delayed removal of employee access
B. Authorized administrative access to HR files
C. Corruption of files due to malware
D. Server downtime due to a denial of service (DoS) attack
Correct answer: C
Question #3
Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?
A. Key risk indicators (KRIs) are developed for key IT risk scenarios
B. IT risk scenarios are assessed by the enterprise risk management team
C. Risk appetites for IT risk scenarios are approved by key business stakeholders
D. IT risk scenarios are developed in the context of organizational objectives
Correct answer: C
Question #4
Which of the following can be used to assign a monetary value to risk?
A. Annual loss expectancy (ALE)
B. Business impact analysis
C. Cost-benefit analysis
D. Inherent vulnerabilities
Correct answer: D
Question #5
Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?
A. Defining expectations in the enterprise risk policy
B. Increasing organizational resources to mitigate risks
C. Communicating external audit results
D. Avoiding risks that could materialize into substantial losses
Correct answer: D
Question #6
Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:
A. minimize the number of risk scenarios for risk assessment
B. aggregate risk scenarios identified across different business units
C. build a threat profile of the organization for management review
D. provide a current reference to stakeholders for risk-based decisions
Correct answer: D
Question #7
A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
A. Implement a tool to create and distribute violation reports
B. Raise awareness of encryption requirements for sensitive data
C. Block unencrypted outgoing emails which contain sensitive data
D. Implement a progressive disciplinary process for email violations
Correct answer: C
Question #8
Which of the following is MOST important to ensure when continuously monitoring the performance of a client-facing application?
A. Objectives are confirmed with the business owner
B. Control owners approve control changes
C. End-user acceptance testing has been conducted
D. Performance information in the log is encrypted
Correct answer: D
Question #9
Which of the following is the GREATEST benefit of analyzing logs collected from different systems?
A. A record of incidents is maintained
B. Forensic investigations are facilitated
C. Security violations can be identified
D. Developing threats are detected earlier
Correct answer: D
Question #10
What is the PRIMARY reason to periodically review key performance indicators (KPIs)?
A. Ensure compliance
B. Identify trends
C. Promote a risk-aware culture
D. Optimize resources needed for controls
Correct answer: A
Question #11
Which of the following is the BEST way to support communication of emerging risk?
A. Update residual risk levels to reflect the expected risk impact
B. Adjust inherent risk levels upward
C. Include it on the next enterprise risk committee agenda
D. Include it in the risk register for ongoing monitoring
Correct answer: A
Question #12
Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?
A. Directives from legal and regulatory authorities
B. Audit reports from internal information systems audits
C. Automated logs collected from different systems
D. Trend analysis of external risk factors
Correct answer: B
Question #13
Which of the following is the BEST way to identify changes to the risk landscape?
A. Internal audit reports
B. Access reviews
C. Threat modeling
D. Root cause analysis
Correct answer: B
Question #14
When updating the risk register after a risk assessment, which of the following is MOST important to include?
A. Historical losses due to past risk events
B. Cost to reduce the impact and likelihood
C. Likelihood and impact of the risk scenario
D. Actor and threat type of the risk scenario
Correct answer: C
Question #15
Whose risk tolerance matters MOST when making a risk decision?
A. Customers who would be affected by a breach
B. Auditors, regulators and standards organizations
C. The business process owner of the exposed assets
D. The information security manager
Correct answer: A
Question #16
Which of the following BEST indicates the effectiveness of anti-malware software?
A. Number of staff hours lost due to malware attacks
B. Number of downtime hours in business critical servers
C. Number of patches made to anti-malware software
D. Number of successful attacks by malicious software
Correct answer: A
Question #17
A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:
A. map findings to objectives
B. provide a quantified detailed analysis
C. recommend risk tolerance thresholds
D. quantify key risk indicators (KRIs)
Correct answer: A
Question #18
Which of the following would present the GREATEST challenge when assigning accountability for control ownership?
A. Weak governance structures
B. Senior management scrutiny
C. Complex regulatory environment
D. Unclear reporting relationships
Correct answer: A
Question #19
Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?
A. A high number of approved exceptions exist with compensating controls
B. Successive assessments have the same recurring vulnerabilities
C. Redundant compensating controls are in place
D. Asset custodians are responsible for defining controls instead of asset owners
Correct answer: D
Question #20
A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:
A. conduct a gap analysis against compliance criteria
B. identify necessary controls to ensure compliance
C. modify internal assurance activities to include control validation
D. collaborate with management to meet compliance requirements
Correct answer: D