Question #1
Which of the following would qualify as a key performance indicator (KPI)?
A. Number of attacks against the organization's website
B. Number of identified system vulnerabilities
C. Aggregate risk of the organization
D. Number of exception requests processed in the past 10 days
Show answer
Correct answer: B
Question #2
Which of the following is the MOST important responsibility of a risk owner?
A. Establishing the risk register
B. Establishing business information criteria
C. Testing control design
D. Accepting residual risk
Show answer
Correct answer: D
Question #3
The BEST way to test the operational effectiveness of a data backup procedure is to:
A. Inspect a selection of audit trail and backup logs
B. Interview employees to compare actual with expected procedures
C. Conduct an audit of files stored offsite
D. Demonstrate a successful recovery from backup files
Show answer
Correct answer: D
Question #4
An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days of leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?
A. Percentage of staff members seeking exception to the policy
B. Percentage of staff members taking leave according to the policy
C. Financial loss incurred due to malicious activities during staff members' leave
D. Number of malicious activities occurring during staff members' leave
Show answer
Correct answer: B
Question #5
A change management process has recently been updated with new testing procedures. What is the NEXT course of action?
A. Conduct a cost-benefit analysis to justify the cost of the control
B. Monitor processes to ensure recent updates are being followed
C. Assess the maturity of the change management process
D. Communicate to those who test and promote changes
Show answer
Correct answer: B
Question #6
Which of the following is the MOST effective control to maintain the integrity of system configuration files?
A. Monitoring against the configuration standard
B. Recording changes to configuration files
C. Implementing automated vulnerability scanning
D. Restricting access to configuration documentation
Show answer
Correct answer: A
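The point behind the answer to Question #6 is that a change log (option B) only records that a file changed, while monitoring against a standard tells you whether the file is still in its approved state and exactly which directive drifted. The following is an added example, not part of the original question set or of any ISACA material: a small Python drift checker that parses sshd_config- and sysctl-style "key value" / "key = value" files and compares them to an approved baseline. The standard, the file paths and the current file contents are all constructed for the illustration; on a real host the contents would be read from disk.

```python
import re

# Constructed configuration standard (assumed, not taken from any real host):
# path -> {directive: approved value}
STANDARD = {
    "/etc/ssh/sshd_config": {
        "PermitRootLogin": "no",
        "PasswordAuthentication": "no",
        "X11Forwarding": "no",
        "MaxAuthTries": "3",
    },
    "/etc/sysctl.d/99-hardening.conf": {
        "net.ipv4.ip_forward": "0",
        "kernel.randomize_va_space": "2",
    },
}

# Constructed "live" contents, as a collector might read them from a host.
CURRENT_FILES = {
    "/etc/ssh/sshd_config": (
        "# managed file\n"
        "PermitRootLogin yes\n"        # drift: root login re-enabled
        "PasswordAuthentication no\n"
        "X11Forwarding no\n"
        "MaxAuthTries 3\n"
        "AllowTcpForwarding yes\n"     # directive the standard does not cover
    ),
    # /etc/sysctl.d/99-hardening.conf is absent on this host
}

# Matches "Key value" (sshd style) and "key = value" (sysctl style) lines.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*[= ]\s*(\S+)")


def parse_directives(text):
    """Return {directive: value}, ignoring blank and comment lines."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def check_against_standard(standard, current):
    """Compare live files to the standard.

    Returns (findings, compliant). Each finding is a tuple
    (path, directive_or_None, kind, expected, actual) so a report can say
    precisely what drifted, not merely that something changed.
    """
    findings = []
    for path, expected in standard.items():
        if path not in current:
            findings.append((path, None, "missing_file", None, None))
            continue
        actual = parse_directives(current[path])
        for key, want in expected.items():
            have = actual.get(key)
            if have is None:
                findings.append((path, key, "missing_directive", want, None))
            elif have != want:
                findings.append((path, key, "drift", want, have))
        # Directives present on the host but not governed by the standard are
        # reported too: an unreviewed setting is itself an integrity question.
        for key in sorted(actual.keys() - expected.keys()):
            findings.append((path, key, "unmanaged_directive", None, actual[key]))
    for path in sorted(current.keys() - standard.keys()):
        findings.append((path, None, "unexpected_file", None, None))
    return findings, not findings


if __name__ == "__main__":
    results, ok = check_against_standard(STANDARD, CURRENT_FILES)
    print("compliant" if ok else "NON-COMPLIANT")
    for finding in results:
        print(finding)
```

Run against the constructed host the checker reports the re-enabled root login, the unmanaged forwarding directive and the missing sysctl file; a change log alone would have recorded only the first of the three, and would not have said whether the new value was acceptable.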
Question #7
A large organization needs to report risk at all levels for a new centralized project to reduce cost and improve performance. Which of the following would MOST effectively represent the overall risk of the project to senior management?
A. Key risk indicators (KRIs)
B. Aggregated key performance indicators (KPIs)
C. Risk heat map
D. Centralized risk register
Show answer
Correct answer: C
Question #8
Which of the following is the BEST indicator of the effectiveness of a control action plan's implementation?
A. Increased number of controls
B. Reduced risk level
C. Increased risk appetite
D. Stakeholder commitment
Show answer
Correct answer: B
Question #10
An organization is making a significant change to an application. At what point should the application risk profile be updated?
A. Upon release to production
B. During backlog scheduling
C. When reviewing functional requirements
D. After user acceptance testing (UAT)
Show answer
Correct answer: C
Question #11
A risk practitioner notices a trend of noncompliance reactiveness of a control action plan's would best assist in making a recommendation to
A.
B. Reduced risk level
C. Increased risk appetite
D. Stakeholder commitment
Show answer
Correct answer: B
Question #12
Which of the following is the BEST way to ensure ongoing control effectiveness?
A. Obtaining management control attestations
B. Establishing policies and procedures
C. Measuring trends in control performance
D. Periodically reviewing control design
Show answer
Correct answer: C
Question #13
Within the three lines of defense model, the accountability for the system of internal control resides with:
A. The risk practitioner
B. Enterprise risk management
C. The board of directors
D. The chief information officer (CIO)
Show answer
Correct answer: C
Question #14
A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?
A. Outsource the process for updating the risk register
B. Implement a process improvement and replace the old risk register
C. Identify changes in risk factors and initiate risk reviews
D. Engage an external consultant to redesign the risk management process
Show answer
Correct answer: C
Question #15
Which of the following is the BEST approach for determining whether a risk action plan is effective?
A. Monitoring changes of key performance indicators (KPIs)
B. Assessing changes in residual risk
C. Assessing the inherent risk
D. Comparing the remediation cost against budget
Show answer
Correct answer: B
Question #16
Which stakeholders are PRIMARILY responsible for determining enterprise IT risk appetite?
A. Audit and compliance management
B. Enterprise risk management and business process owners
C. The chief information officer (CIO) and the chief financial officer (CFO)
D. Executive management and the board of directors
Show answer
Correct answer: D
Question #17
The effectiveness of a control has decreased. What is the MOST likely effect on the associated risk?
A. The residual risk changes
B. The risk classification changes
C. The risk impact changes
D. The inherent risk changes
Show answer
Correct answer: A
Question #18
Which of the following provides the BEST measurement of an organization's risk management maturity level?
A. Level of residual risk
B. IT alignment to business objectives
C. The result of a gap analysis
D. Key risk indicators (KRIs)
Show answer
Correct answer: B
Question #19
Which of the following is the PRIMARY reason to establish the root cause of an IT security incident?
A. Assign responsibility and accountability for the incident
B. Prepare a report for senior management
C. Update the risk register
D. Avoid recurrence of the incident
Show answer
Correct answer: D
Question #20
An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?
A. Number of customer records held
B. Number of databases that host customer data
C. Number of encrypted customer databases
D. Number of staff members having access to customer data
Show answer
Correct answer: B
Question #21
An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT system controls?
A. Review design documentation of the IT system
B. Implement the IT system in alignment with business objectives
C. Evaluate compliance with legal and regulatory requirements
D. Review metrics and key performance indicators (KPIs)
Show answer
Correct answer: C
Question #22
What should a risk practitioner do FIRST when vulnerability assessment results identify a weakness in an application?
A. Assess the risk to determine the mitigation needed
B. Recommend a penetration test
C. Review regular control testing results
D. Analyze key performance indicators (KPIs)
Show answer
Correct answer: A
Question #23
The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:
A. Rectify errors in results of KRIs
B. Detect changes in the risk profile
C. Reduce costs of risk mitigation controls
D. Continually improve risk assessments
Show answer
Correct answer: B
Question #24
Which of the following is a risk practitioner's BEST course of action upon learning that a control under internal review may no longer be necessary?
A. Update the status of the control as obsolete
B. Consult the internal auditor for a second opinion
C. Obtain approval to retire the control
D. Verify the effectiveness of the original mitigation plan
Show answer
Correct answer: A
Question #25
When reviewing a report on the performance of control processes, it is MOST important to verify whether the:
A. Residual risk objectives have been achieved
B. Control process is designed effectively
C. Business process objectives have been met
D. Control adheres to regulatory standards
Show answer
Correct answer: B
Question #26
Deviation from a mitigation action plan's completion date should be determined by which of the following?
A. The risk owner as determined by risk management processes
B. Benchmarking analysis with similar completed projects
C. Change management as determined by a change control board
D. Project governance criteria as determined by the project office
Show answer
Correct answer: A
Question #27
An organization's risk practitioner learns that a new third-party system on the corporate network has introduced vulnerabilities that could compromise corporate IT systems. What should the risk practitioner do FIRST?
A. Request IT to remove the system from the network
B. Notify information security management
C. Identify procedures to mitigate the vulnerabilities
D. Confirm the vulnerabilities with the third party
Show answer
Correct answer: C
Question #28
For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?
A. Conduct a root-cause analysis
B. Temporarily increase the risk threshold
C. Initiate a feasibility study for a new application
D. Suspend processing to investigate the problem
Show answer
Correct answer: A
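Questions #23 and #28 both turn on the same mechanic: a KRI is watched over time so that a change in the risk profile is noticed while there is still room to act, and the first response to a value approaching its threshold is to find out why, not to move the threshold. The following is an added example, not part of the original question set or of any ISACA material. It fits a least-squares trend to the daily run time of a batch job, classifies the latest reading against a warning band, and projects how many days remain before the threshold is crossed. The run-time series, the 300-minute threshold and the 80 percent warning ratio are all constructed and assumed for the illustration.

```python
from math import ceil

# Constructed sample: minutes taken by a nightly batch job over 14 consecutive
# days. Not measured on any real system; chosen to show a gradual rise.
DAILY_MINUTES = [210, 212, 215, 214, 220, 223, 228, 231, 236, 240, 246, 250, 256, 262]
THRESHOLD_MINUTES = 300   # assumed risk threshold: the job must finish within the window
WARNING_RATIO = 0.8       # assumed: warn once the latest reading reaches 80% of threshold


def linear_fit(values):
    """Least-squares slope and intercept with x = 0, 1, ..., n-1 (one step per day)."""
    n = len(values)
    x_mean = (n - 1) / 2.0
    y_mean = sum(values) / n
    sxx = sum((x - x_mean) ** 2 for x in range(n))
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(range(n), values))
    slope = sxy / sxx if sxx else 0.0
    return slope, y_mean - slope * x_mean


def evaluate_kri(values, threshold=THRESHOLD_MINUTES, warning_ratio=WARNING_RATIO):
    """Classify the latest reading and, when the trend is upward, project the
    number of days until the threshold is crossed.

    The projection is the leading part of the indicator: it turns a lagging
    "we breached last night" into "we have about N days to find the cause".
    """
    latest = values[-1]
    slope, _ = linear_fit(values)
    if latest >= threshold:
        status = "breached"
    elif latest >= warning_ratio * threshold:
        status = "approaching"
    else:
        status = "normal"
    days_to_breach = None
    if slope > 0 and latest < threshold:
        days_to_breach = ceil((threshold - latest) / slope)
    return {
        "status": status,
        "latest": latest,
        "slope_per_day": round(slope, 2),
        "days_to_breach": days_to_breach,
    }


if __name__ == "__main__":
    print(evaluate_kri(DAILY_MINUTES))
```

On the constructed series the latest run sits inside the warning band and the trend gives roughly ten days before the window is missed; that window is the time available for the root-cause analysis the question asks for. Raising the threshold (option B) would silence the indicator without changing the slope.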
Question #29
A business unit has decided to accept the risk of implementing an off-the-shelf commercial software package that uses weak password controls. What is the BEST course of action?
A. Develop an improved password software routine
B. Select another application with strong password controls
C. Obtain management approval for a policy exception
D. Continue the implementation with no changes
Show answer
Correct answer: A
Question #31
Which of the following approaches BEST identifies information systems control deficiencies?
A. Gap analysis
B. Best practice assessment
C. Countermeasures analysis
D. Risk assessment
Show answer
Correct answer: A
Question #32
Once a risk owner has decided to implement a control to mitigate risk, it is MOST important to develop:
A. A process for measuring and reporting control performance
B. A process for bypassing control procedures in case of exceptions
C. An alternate control design in case of failure of the identified control
Show answer
Correct answer: A
Question #33
A control gap has been identified in a key process. Who would be the MOST appropriate owner of the risk associated with this gap?
A. Key control owner
B. Chief information security officer (CISO)
C. Business process owner
D. Operational risk manager
Show answer
Correct answer: A
Question #34
Which of the following should be the PRIMARY recipient of reports showing the progress of a current IT risk mitigation project?
A. Project manager
B. IT risk manager
C. Senior management
D. Project sponsor
Show answer
Correct answer: C
Question #35
Which of the following BEST facilitates the development of effective IT risk scenarios?
A. Participation by IT subject matter experts
B. Utilization of a cross-functional team
C. Validation by senior management
D. Integration of contingency planning
Show answer
Correct answer: B
Question #36
Which of the following is the MOST effective way to integrate business risk management with IT operations?
A. Provide security awareness training
C. Perform periodic IT control self-assessments (CSAs)
D. Perform periodic risk assessments
Show answer
Correct answer: D
Question #37
A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following control weaknesses could have contributed MOST to this problem?
A. The programmer did not involve the user in testing
B. The user requirements were not documented
C. Payroll files were not under the control of a librarian
D. The programmer had access to the production programs
Show answer
Correct answer: C
Question #38
Which of the following is MOST helpful in determining the effectiveness of an organization's IT risk mitigation efforts?
A. Verifying whether risk action plans have been completed
B. Assigning identification dates for risk scenarios in the risk register
C. Reviewing key risk indicators (KRIs)
D. Updating impact assessments for risk scenarios
Show answer
Correct answer: C
Question #39
An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?
A. Sales manager
B. IT service desk manager
C. Access control manager
D. Customer service manager
Show answer
Correct answer: C
Question #40
Which type of cloud computing deployment provides the consumer the GREATEST degree of control over the environment?
A. Hybrid cloud
B. Private cloud
C. Community cloud
D. Public cloud
Show answer
Correct answer: B
Question #41
During a control review, the control owner states that an existing control has deteriorated over time. What is the BEST recommendation to the control owner?
A. Certify the control after documenting the concern
B. Implement compensating controls to reduce residual risk
C. Discuss risk mitigation options with the risk owner
D. Escalate the issue to senior management
Show answer
Correct answer: B
Question #42
Which of the following should be of GREATEST concern for an organization considering the adoption of a bring your own device (BYOD) initiative?
A. Malicious users
B. User support
C. Device corruption
D. Data loss
Show answer
Correct answer: D
Question #43
Which of the following will BEST help in communicating strategic risk priorities?
A. Balanced scorecard
B. Business impact analysis (BIA)
C. Heat map
D. Risk register
Show answer
Correct answer: C
Question #44
The PRIMARY benefit of classifying information assets is that it helps to:
A. Facilitate internal audit
B. Determine the appropriate level of control
C. Assign risk ownership
D. Communicate risk to senior management
Show answer
Correct answer: B
Question #50
Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?
A. Risk tolerance level
B. Benchmarking information
C. Resource requirements
D. Business context
Show answer
Correct answer: D
Question #51
Which of the following BEST indicates effective information security incident management?
A. Percentage of high-risk security incidents
B.
C. Monthly trend of information security-related incidents
D. Frequency of information security incident response plan testing
Show answer
Correct answer: D
Question #52
The PRIMARY benefit of conducting continuous monitoring of access controls is the ability to identify:
A. Inconsistencies between security policies and procedures
B. Leading or lagging key risk indicators (KRIs)
C. Possible noncompliant activities that lead to data disclosure
D. Unknown threats to undermine existing access controls
Show answer
Correct answer: C
Question #53
The BEST key performance indicator (KPI) for monitoring adherence to an organization's user account provisioning practices is the percentage of:
A. Accounts without documented approval
B. User accounts with default passwords
C. Active accounts belonging to former personnel
D. Accounts with dormant activity
Show answer
Correct answer: A
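Questions #39, #52 and #53 all assume that someone can actually compute these figures from account data: the four provisioning KPIs offered as options in #53, and the residual-access condition in #39 (entitlements a transferred user still holds from the old department). The following is an added example, not part of the original question set or of any ISACA material, that derives all of them from a joined HR roster and account export. The roster, the account records, the role matrix, the 90-day dormancy cutoff and the reporting date are all constructed and assumed for the illustration; in practice the two inputs come from the HR system and the identity store.

```python
from datetime import date

# Constructed reporting parameters (assumed).
AS_OF = date(2024, 6, 30)
DORMANT_DAYS = 90

# Assumed role matrix: entitlements each department is permitted to hold.
ROLE_MATRIX = {
    "customer_service": {"crm_read", "ticketing"},
    "sales": {"crm_read", "crm_write", "quoting"},
}

# Constructed HR roster: user -> (current department, employment status).
HR = {
    "alice": ("sales", "active"),             # moved from customer_service
    "bob":   ("customer_service", "active"),
    "carol": ("sales", "terminated"),
    "dave":  ("sales", "active"),
}

# Constructed account export:
# (user, active, approval_ticket, last_login, default_password, entitlements)
ACCOUNTS = [
    ("alice", True, "CHG-1001", date(2024, 6, 28), False, {"crm_read", "crm_write", "ticketing"}),
    ("bob",   True, None,       date(2024, 6, 29), False, {"crm_read", "ticketing"}),
    ("carol", True, "CHG-0993", date(2024, 2, 1),  False, {"crm_read", "quoting"}),
    ("dave",  True, "CHG-1010", date(2024, 6, 30), True,  {"crm_read", "quoting"}),
    ("svc_backup", True, "CHG-0800", date(2024, 1, 15), False, {"backup_admin"}),
]


def pct(numerator, denominator):
    return round(100.0 * numerator / denominator, 1) if denominator else 0.0


def provisioning_kpis(accounts, hr, as_of=AS_OF, dormant_days=DORMANT_DAYS):
    """The four candidate KPIs from Question #53, as percentages of all accounts."""
    total = len(accounts)
    no_approval = sum(1 for a in accounts if a[2] is None)
    default_pw = sum(1 for a in accounts if a[4])
    former = sum(1 for a in accounts
                 if a[1] and a[0] in hr and hr[a[0]][1] == "terminated")
    dormant = sum(1 for a in accounts
                  if a[1] and (as_of - a[3]).days > dormant_days)
    return {
        "pct_without_approval": pct(no_approval, total),
        "pct_default_password": pct(default_pw, total),
        "pct_active_former_personnel": pct(former, total),
        "pct_dormant": pct(dormant, total),
    }


def residual_access(accounts, hr, role_matrix):
    """Entitlements an active, employed user holds beyond the current department's
    role (the residual access that follows a transfer in Question #39)."""
    findings = {}
    for user, active, _ticket, _login, _default_pw, entitlements in accounts:
        if not active or user not in hr:
            continue
        dept, status = hr[user]
        if status != "active":
            continue
        extra = entitlements - role_matrix.get(dept, set())
        if extra:
            findings[user] = sorted(extra)
    return findings


def orphan_accounts(accounts, hr):
    """Active accounts with no HR record at all; they cannot be checked against
    any department and need an owner before they can be judged compliant."""
    return sorted(a[0] for a in accounts if a[1] and a[0] not in hr)


if __name__ == "__main__":
    print(provisioning_kpis(ACCOUNTS, HR))
    print(residual_access(ACCOUNTS, HR, ROLE_MATRIX))
    print(orphan_accounts(ACCOUNTS, HR))
```

On the constructed data the transfer shows up as alice still holding the ticketing entitlement from her old department, and the terminated user carol appears in both the former-personnel and dormant figures. Of the four KPIs, only the approval percentage measures the provisioning practice itself; the other three measure hygiene of accounts that were already provisioned, which is the distinction the answer to #53 rests on.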