Which of the following is the MOST important benefit of key risk indicators (KRIs)'

Which of the following is the BEST method to identify unnecessary controls?

Which of the following will BEST help in communicating strategic risk priorities?

Which of the following BEST helps to balance the costs and benefits of managing IT risk?

Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?

An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?

Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

Which of the following is the PRIMARY reason to perform ongoing risk assessments?

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?

Which of the following is the MOST important requirement for monitoring key risk indicators (KRls) using log analysis?

Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?

The risk associated with an asset before controls are applied can be expressed as:

Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?

When prioritizing risk response, management should FIRST:

Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?

Which of the following is the MOST critical element to maximize the potential for a successful security implementation?

A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization Which of the following i< the MOST important topic to cover in this training?

The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. The risk practitioner should report to management that the risk has been:

IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would be MOST helpful?

An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan. Which of the following is the risk practitioner's BEST course of action?

After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments: After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments: Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

The PRIMARY advantage of implementing an IT risk management framework is the:

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:

Which of the following would be- MOST helpful to understand the impact of a new technology system on an organization's current risk profile?