
Question #1
Which of the following is MOST important to understand when determining an appropriate risk assessment approach?
A. Complexity of the IT infrastructure
B. Value of information assets
C. Management culture
D. Threats and vulnerabilities
Correct answer: B
Question #2
Which of the following should be management's PRIMARY consideration when approving risk response action plans?
A. Ability of the action plans to address multiple risk scenarios
B. Ease of implementing the risk treatment solution
C. Changes in residual risk after implementing the plans
D. Prioritization for implementing the action plans
Correct answer: B
Question #3
Which of the following provides the BEST evidence that risk mitigation plans have been implemented effectively?
A. Self-assessments by process owners
B. Mitigation plan progress reports
C. Risk owner attestation
D. Change in the level of residual risk
Correct answer: A
Question #4
Which of the following should be the risk practitioner's PRIMARY focus when determining whether controls are adequate to mitigate risk?
A. Sensitivity analysis
B. Level of residual risk
C. Cost-benefit analysis
D. Risk appetite
Correct answer: B
Question #5
Which of the following is the MAIN reason for documenting the performance of controls?
A. Obtaining management sign-off
B. Demonstrating effective risk mitigation
C. Justifying return on investment
D. Providing accurate risk reporting
Correct answer: B
Question #6
Which of the following would be MOST helpful when estimating the likelihood of negative events?
A. Business impact analysis
B. Threat analysis
C. Risk response analysis
D. Cost-benefit analysis
Correct answer: A
Question #7
The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:
A. plan awareness programs for business managers
B. evaluate maturity of the risk management process
C. assist in the development of a risk profile
D. maintain a risk register based on noncompliances
Correct answer: A
Question #8
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
A. Describe IT risk scenarios in terms of business risk
B. Recommend the formation of an executive risk council to oversee IT risk
C. Provide an estimate of IT system downtime if IT risk materializes
D. Educate business executives on IT risk concepts
Correct answer: C
Question #9
A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?
A. Impact
B. Residual risk
C. Inherent risk
D. Risk appetite
Correct answer: A
Question #10
Which of the following attributes of a key risk indicator (KRI) is MOST important?
A. Repeatable
B. Automated
C. Quantitative
D. Qualitative
Correct answer: C
Question #11
A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches. Which of the following elements of the risk register is MOST important to update to reflect this change?
A. Risk impact
B. Risk trend
C. Risk appetite
D. Risk likelihood
Correct answer: D
Question #12
Which of the following is MOST important to the integrity of a security log?
A. Least privilege access
B. Inability to edit
C. Ability to overwrite
D. Encryption
Correct answer: B
Question #13
The PRIMARY purpose of IT control status reporting is to:
A. ensure compliance with IT governance strategy
B. assist internal audit in evaluating and initiating remediation efforts
C. benchmark IT controls with industry standards
D. facilitate the comparison of the current and desired states
Correct answer: D
Question #14
Which of the following is MOST helpful in aligning IT risk with business objectives?
A. Introducing an approved IT governance framework
B. Integrating the results of top-down risk scenario analyses
C. Performing a business impact analysis (BIA)
D. Implementing a risk classification system
Correct answer: C
Question #15
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?
A. Providing oversight of risk management processes
B. Implementing processes to detect and deter fraud
C. Ensuring that risk and control assessments consider fraud
D. Monitoring the results of actions taken to mitigate fraud
Correct answer: B
Question #16
Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?
A. Conduct a comprehensive compliance review
B. Develop incident response procedures for noncompliance
C. Investigate the root cause of noncompliance
D. Declare a security breach and inform management
Correct answer: B
Question #17
Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager. Which of the following would be the BEST method to use when developing the scenarios?
A. Cause-and-effect diagram
B. Delphi technique
C. Bottom-up approach
D. Top-down approach
Correct answer: A
Question #18
A large organization is replacing its enterprise resource planning (ERP) system and has decided not to deploy the payroll module of the new system. Instead, the current payroll system will continue to be used. Of the following, who should own the risk if the ERP and payroll system fail to operate as expected?
A. The business owner
B. The ERP administrator
C. The project steering committee
D. The IT project manager
Correct answer: B
Question #19
Which of the following is the BEST course of action to reduce risk impact?
A. Create an IT security policy
B. Implement corrective measures
C. Implement detective controls
D. Leverage existing technology
Correct answer: B
Question #20
The MOST effective way to increase the likelihood that risk responses will be implemented is to:
A. create an action plan
B. assign ownership
C. review progress reports
D. perform regular audits
Correct answer: B
Question #21
Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?
A. Assess the vulnerability management process
B. Conduct a control self-assessment
C. Conduct a vulnerability assessment
D. Reassess the inherent risk of the target
Correct answer: B
Question #22
An organization has completed a project to implement encryption on all databases that host customer data. Which of the following elements of the risk register should be updated to reflect this change?
A. Risk likelihood
B. Inherent risk
C. Risk appetite
D. Risk tolerance
Correct answer: D
Question #23
The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager's BEST approach to this request before sharing the register?
A. Escalate to senior management
B. Require a nondisclosure agreement
C. Sanitize portions of the register
D. Determine the purpose of the request
Correct answer: C
