Question #1
Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization. Which of the following assessments are you doing?
A. IT security assessment
B. IT audit
C. Threat and vulnerability assessment
D. Risk assessment
Correct answer: CDE
Question #2
A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?
A. Document the finding in the risk register
B. Invoke the incident response plan
C. Re-evaluate key risk indicators
D. Modify the design of the control
Correct answer: C
Question #3
An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?
A. Service level agreement
B. Customer service reviews
C. Scope of services provided
D. Right to audit the provider
Correct answer: D
Question #4
An effective control environment is BEST indicated by controls that:
A. minimize senior management's risk tolerance
B. manage risk within the organization's risk appetite
C. reduce the thresholds of key risk indicators (KRIs)
D. are cost-effective to implement
Correct answer: B
Question #5
Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?
A. In order to avoid risk
B. Complex metrics require fine-tuning
C. Risk reports need to be timely
D. Threats and vulnerabilities change over time
Correct answer: B
Question #6
You are the risk professional in Bluewell Inc. A risk is identified and the enterprise wants to quickly implement a control by applying a technical solution that deviates from the company's policies. What should you do?
A. Recommend against implementation because it violates the company's policies
B. Recommend revision of the current policy
C. Recommend a risk assessment and subsequent implementation only if residual risk is accepted
D. Conduct a risk assessment and allow or disallow based on the outcome
Correct answer: D
Question #7
For which of the following risk management capability maturity levels is the statement given below true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"
A. Level 3
B. Level 0
C. Level 5
D. Level 2
Correct answer: C
Question #8
Risk management strategies are PRIMARILY adopted to:
A. take necessary precautions for claims and losses
B. achieve acceptable residual risk levels
C. avoid risk for business and IT assets
D. achieve compliance with legal requirements
Correct answer: B
Question #9
Jane, the Director of Sales, contacts you and demands that you add a new feature to the software your project team is creating for the organization. In the meeting she tells you how important the scope change would be. You explain to her that the software is almost finished and adding a change now could cause the deliverable to be late, cost additional funds, and would probably introduce new risks to the project. Jane stands up and says to you, "I am the Director of Sales and this change will happen in the
A. Include the change in the project scope immediately
B. Direct your project team to include the change if they have time
D. Report Jane to your project sponsor and then include the change
Correct answer: D
Question #10
Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?
A. Ongoing availability of data
B. Ability to aggregate data
C. Ability to predict trends
D. Availability of automated reporting systems
Correct answer: C
Question #11
Jane is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are referred to as?
A. Contingency risks
B. Benefits
C. Residual risk
D. Opportunities
Correct answer: C
Question #12
The MOST important characteristic of an organization's policies is to reflect the organization's:
A. risk assessment methodology
B. risk appetite
C. capabilities
D. asset value
Correct answer: A
Question #13
Which of the following is an output of the risk assessment process?
A. Identification of risk
B. Identification of appropriate controls
C. Mitigated risk
D. Enterprise left with residual risk
Correct answer: A
Question #14
Which of the following is the BEST indicator that incident response training is effective?
A. Decreased reporting of security incidents to the response team
B. Increased reporting of security incidents to the response team
C. Decreased number of password resets
D. Increased number of identified system vulnerabilities
Correct answer: b
Question #15
In an operational review of the processing environment, which indicator would be MOST beneficial?
A. User satisfaction
B. Audit findings
C. Regulatory changes
D. Management changes
Correct answer: a
Question #16
Which of the following will significantly affect the standard information security governance model?
A. Currency with changing legislative requirements
B. Number of employees
C. Complexity of the organizational structure
D. Cultural differences between physical locations
Correct answer: B
Question #17
When it appears that a project risk is going to happen, what is this term called?
A. Issue
B. Contingency response
C. Trigger
D. Threshold
Correct answer: DBC
Question #18
You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project? Each correct answer represents a complete solution. Choose all that apply.
A. Project scope statement
B. Cost management plan
C. Risk register
D. Organizational process assets
Correct answer: D
Question #19
What is the BEST information to present to business control owners when justifying costs related to controls?
A. Loss event frequency and magnitude
B. The previous year's budget and actuals
C. Industry benchmarks and standards
D. Return on IT security-related investments
Correct answer: D
Question #20
While defining the risk management strategies, what are the major parts to be determined first? Each correct answer represents a part of the solution. Choose two.
A. IT architecture complexity
B. Organizational objectives
C. Risk tolerance
D. Risk assessment criteria
Correct answer: B
Question #21
Which of the following is MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
A. The approved budget of the project
B. The frequency of incidents
C. The annual loss expectancy of incidents
D. The total cost of ownership
Correct answer: d
Question #22
Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
A. Quality management plan B
C. Risk register
D. Project charter
Correct answer: C
Question #23
A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:
A. updating the risk register
B. documenting the risk scenarios
C. validating the risk scenarios
D. identifying risk mitigation controls
Correct answer: A
Question #24
Risks with low ratings of probability and impact are included for future monitoring in which of the following?
A. Risk alarm
B. Observation list
C. Watch-list
D. Risk register
Correct answer: C
Question #25
The BEST reason to classify IT assets during a risk assessment is to determine the:
A. priority in the risk register
B. business process owner
C. enterprise risk profile
D. appropriate level of protection
Correct answer: C
Question #26
Which of the following is the final step in the policy development process?
A. Management approval
B. Continued awareness activities
C. Communication to employees
D. Maintenance and review
Correct answer: B
Question #27
An enterprise learns of a security breach at another entity using similar network technology. The MOST important action for a risk practitioner is to:
A. Assess the likelihood of the incident occurring at the risk practitioner's enterprise
B. Discontinue the use of the vulnerable technology
C. Report to senior management that the enterprise is not affected
D. Remind staff that no similar security breaches have taken place
Correct answer: a
Question #28
You are the project manager of the GFT project. Your project involves the use of an electrical motor. It was stated in its specification that if its temperature increases to 500 degrees Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided, while creating the response, that if the temperature of the machine reaches 450, the machine will be paused for at least an hour so as to normalize
A. Risk identification
B. Risk trigger
C. Risk event
D. Risk response
Correct answer: C
Question #29
You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning. What is the best reason for the duplicate risk identification sessions?
A. The iterative meetings allow all stakeholders to participate in the risk identification processes throughout the project phases
B. The iterative meetings allow the project manager to discuss the risk events which have passed the project and which did not happen
C. The iterative meetings allow the project manager and the risk identification participants to identify newly discovered risk events throughout the project
D. The iterative meetings allow the project manager to communicate pending risk events during project execution
Correct answer: C
Question #30
David is the project manager of the HRC project. He concluded while the HRC project was in process that if he adopted e-commerce, his project could be more fruitful. But he did not engage in electronic commerce (e-commerce) so that he would escape the risk associated with that line of business. What type of risk response did he adopt?
A. Acceptance
B. Avoidance
C. Exploit
D. Enhance
Correct answer: ABC
Question #31
Which of the following risk register updates is MOST important for senior management to review?
A. Extending the date of a future action plan by two months
B. Retiring a risk scenario no longer used
C. Avoiding a risk that was previously accepted
D. Changing a risk owner
Correct answer: B