Question #1
Which of the following would be MOST helpful to a risk owner when making risk-aware decisions?
A. Risk exposure expressed in business terms
B. Recommendations for risk response options
C. Resource requirements for risk responses
D. List of business areas affected by the risk
Correct answer: C
Question #2
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
A. Risk appetite statement
B. Enterprise risk management framework
C. Risk management policies
D. Risk register
Correct answer: A
Question #3
During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. The overall control environment may still be effective if:
A. compensating controls are in place
B. a control mitigation plan is in place
C. risk management is effective
D. residual risk is accepted
Correct answer: D
Question #4
Which of the following is the MOST effective way to integrate risk and compliance management?
A. Embedding risk management into compliance decision-making
B. Designing corrective actions to improve risk response capabilities
C. Embedding risk management into processes that are aligned with business drivers
D. Conducting regular self-assessments to verify compliance
Correct answer: B
Question #5
Which of the following is the BEST evidence that risk management is driving business decisions in an organization?
A. Compliance breaches are addressed in a timely manner
B. Risk ownership is identified and assigned
C. Risk treatment options receive adequate funding
D. Residual risk is within risk tolerance
Correct answer: B
Question #6
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?
A. Number of users that participated in the DRP testing
B. Number of issues identified during DRP testing
C. Percentage of applications that met the RTO during DRP testing
D. Percentage of issues resolved as a result of DRP testing
Correct answer: C
Question #7
A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
A. identification
B. treatment
C. communication
D. assessment
Correct answer: C
Question #8
An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?
A. Invoke the disaster recovery plan during an incident
B. Prepare a cost-benefit analysis of alternatives available
C. Implement redundant infrastructure for the application
D. Reduce the recovery time by strengthening the response team
Correct answer: C
Question #9
From a business perspective, which of the following is the MOST important objective of a disaster recovery test?
A. The organization gains assurance it can recover from a disaster
B. Errors are discovered in the disaster recovery process
C. All business critical systems are successfully tested
D. All critical data is recovered within recovery time objectives (RTOs)
Correct answer: B
Question #10
A PRIMARY function of the risk register is to provide supporting information for the development of an organization's risk:
A. strategy
B. profile
C. process
D. map
Correct answer: A
Question #11
Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?
A. Encrypted storage of data
B. Links to source data
C. Audit trails for updates and deletions
D. Check totals on data records and data fields
Correct answer: C
Question #12
Which of the following is the MAIN reason to continuously monitor IT-related risk?
A. To redefine the risk appetite and risk tolerance levels based on changes in risk factors
B. To update the risk register to reflect changes in levels of identified and new IT-related risk
C. To ensure risk levels are within acceptable limits of the organization's risk appetite and risk tolerance
D. To help identify root causes of incidents and recommend suitable long-term solutions
Correct answer: C
Question #13
Which of the following should be the PRIMARY input when designing IT controls?
A. Benchmark of industry standards
B. Internal and external risk reports
C. Recommendations from IT risk experts
D. Outcome of control self-assessments
Correct answer: A
Question #14
A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?
A. Business continuity director
B. Disaster recovery manager
C. Business application owner
D. Data center manager
Correct answer: B
Question #15
A trusted third party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?
A. Perform their own risk assessment
B. Implement additional controls to address the risk
C. Accept the risk based on the third party's risk assessment
D. Perform an independent audit of the third party
Correct answer: A
Question #16
Which of the following should be considered when selecting a risk response?
A. Risk scenarios analysis
B. Risk response costs
C. Risk factor awareness
D. Risk factor identification
Correct answer: D
Question #17
After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?
A. The risk practitioner
B. The business process owner
C. The risk owner
D. The control owner
Correct answer: B
Question #18
Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?
A. Key risk indicator (KRI) thresholds
B. Inherent risk
C. Risk likelihood and impact
D. Risk velocity
Correct answer: A
Question #19
Whether the results of risk analyses should be presented in quantitative or qualitative terms should be based PRIMARILY on the:
A. requirements of management
B. specific risk analysis framework being used
C. organizational risk tolerance
D. results of the risk assessment
Correct answer: C
Question #20
During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?
A. Data validation
B. Identification
C. Authentication
D. Data integrity
Correct answer: B
Question #21
Which of the following roles would provide the MOST important input when identifying IT risk scenarios?
A. Information security managers
B. Internal auditors
C. Business process owners
D. Operational risk managers
Correct answer: B
Question #22
Which of the following statements in an organization's current risk profile report is cause for further action by senior management?
A. Key performance indicator (KPI) trend data is incomplete
B. New key risk indicators (KRIs) have been established
C. Key performance indicators (KPIs) are outside of targets
D. Key risk indicators (KRIs) are lagging
Correct answer: B
Question #23
Which of the following is MOST useful when communicating risk to management?
A. Risk policy
B. Audit report
C. Risk map
D. Maturity model
Correct answer: C
Question #24
Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?
A. User provisioning
B. Role-based access controls
C. Security log monitoring
D. Entitlement reviews
Correct answer: C
Question #25
During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?
A. Business process owners
B. Business process consumers
C. Application architecture team
D. Internal audit
Correct answer: A