QUESTION 1
Which of the following is a PRIMARY responsibility of a control owner?
A. Monitoring status of risk response
B. Identifying trends in the risk profile
C. Selecting controls to mitigate risk
D. Assessing levels of risk
Correct Answer: C
QUESTION 2
Which of the following is the MOST important course of action to foster an ethical, risk-aware culture?
A. Establish an enterprise-wide ethics training and awareness program.
B. Perform a comprehensive review of all applicable legislative frameworks and requirements.
C. Implement a fraud detection and prevention framework.
D. Ensure the alignment of the organization’s policies and standards to the defined risk appetite.
Correct Answer: A
QUESTION 3
Which of the following is the MOST important requirement when implementing a data loss prevention (DLP) system?
A. Selecting an encryption solution
B. Determining the value of data
C. Identifying users who have access
D. Defining the data retention period
Correct Answer: B
QUESTION 4
In response to recent cyber threats, an organization has introduced new security risk metrics. Which of the following would be of GREATEST concern to senior management?
A. Risk reports with new metrics have not been shared with internal audit.
B. Risk thresholds of the new metrics are yet to be validated.
C. The new risk metrics do not have historical trending information.
D. A number of existing security metrics are yet to be reviewed.
Correct Answer: B
QUESTION 5
An organization has recently implemented an emerging technology across multiple business units. Which of the following is the responsibility of the control owners in the impacted department?
A. Analyze and update control assessments for changes.
B. Perform a business impact analysis (BIA) on the controls.
C. Perform a gap analysis of the impacted processes.
D. Review and document classifications for controls.
Correct Answer: A
QUESTION 6
Which of the following has the GREATEST positive impact on ethical compliance within the risk management process?
A. Employees are required to complete ethics training courses annually.
B. An independent ethics investigation team has been established.
C. Senior management demonstrates ethics in their day-to-day decision making.
D. The risk practitioner is required to consult with the ethics committee.
Correct Answer: C
QUESTION 7
When assigning an IT risk owner, it is ESSENTIAL that the owner has:
A. oversight of the IT function.
B. authority to commit resources to manage the risk.
C. ownership of the service where the risk exists.
D. relevant experience with risk mitigation strategy.
Correct Answer: B
QUESTION 8
Which of the following should be done FIRST upon learning that the organization will be affected by a new regulation in its industry?
A. Transfer the risk.
B. Perform a gap analysis.
C. Determine risk appetite for the new regulation.
D. Implement specific monitoring controls.
Correct Answer: B
QUESTION 9
Which of the following should be done FIRST when a new risk scenario has been identified?
A. Estimate the residual risk.
B. Identify the risk owner.
C. Establish key risk indicators (KRIs).
D. Design control improvements.
Correct Answer: B
QUESTION 10
Which of the following BEST indicates the risk appetite and tolerance level for the risk associated with business interruption caused by IT system failures?
A. Incident management service level agreement (SLA)
B. Mean time to recover (MTTR)
C. Recovery time objective (RTO)
D. IT system criticality classification
Correct Answer: C
QUESTION 11
After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable +t enterprise to accomplish this objective?
A. Increased training and monitoring for disaster recovery personnel who perform below expectations
B. Annual review and updates to the disaster recovery plan (DRP)
C. Increased outsourcing of disaster recovery capabilities to ensure reliability
D. Continuous testing of disaster recovery capabilities with implementation of lessons learned
Correct Answer: D
QUESTION 12
When identifying improvements focused on the information asset life cycle, which of the following is CRITICAL for enabling data interoperability?
A. Segregation
B. Standardization
C. Replication
D. Sanitization
Correct Answer: B
QUESTION 13
Which of the following should a CIO review to obtain a holistic view of IT performance when identifying potential gaps in service delivery?
A. Staff performance evaluations
B. Return on investment (ROI) analysis
C. Service level agreement (SLA) reporting
D. Key performance indicators (KPIs)
Correct Answer: D
QUESTION 14
new regulation requires a large bank to include cyber-related risks within its enterprise risk profile when reporting compliance. Which of the following is the bank’s BEST strategy?
A. Focus on system-level tracking of cyber risks to perform exclusive cyber risk aggregation.
B. Maintain a separate cybersecurity risk management process for compliance reporting.
C. Rely on industry benchmarking to determine acceptable risk exposure levels.
D. Use a standard approach to map cyber risk consequences to business objectives.
Correct Answer: D
QUESTION 15
Within the context of governance reporting, which of the following is MOST useful for communicating whether the chosen IT strategy is working effectively?
A. Service level agreement (SLA) results
B. Self-assessment results
C. Key risk indicators (KRIs)
D. Key performance indicators (KPIs)
Correct Answer: D
QUESTION 16
Which of the following is MOST likely to have a negative impact on accountability for information risk ownership?
A. The same person is listed as both the control owner and the risk owner for the information.
B. The risk owner is a department manager, and the control owner is a member of the risk owner’s staff.
C. Information risk is assigned to a department, and an individual owner has not been assigned.
D. The risk owner and the control owner of the information do not work in the same department.
Correct Answer: C
QUESTION 17
What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?
A. It enables the tracing of data to business functions.
B. It ensures the adoption of enterprise data quality standards.
C. It facilitates appropriate access to data consumers.
D. improves communication with senior management and the business.
Correct Answer: A
QUESTION 18
Which of the following should be done FIRST when designing an IT balanced scorecard?
A. Analyze the business strategy.
B. Review the IT resource plan.
C. Develop key performance indicators (KPIs).
D. Communicate to stakeholders.
Correct Answer: A
QUESTION 19
Which of the following metrics is MOST useful to ensure IT services meet business requirements?
A. Number of discontinued business transformation programs
B. Frequency of IT services risk profile updates
C. Frequency of IT policy updates
D. Number of business disruptions due to IT incidents
Correct Answer: D
QUESTION 20
An enterprise is developing a business intelligence system that uses structured and unstructured data from its applications. Which of the following is the MOST important consideration when deploying the system?
A. Data ownership
B. Data availability
C. Data classification
D. Data quality
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.