QUESTION 21
Which of the following is the MOST important course of action to ensure the security of data transmitted from Internet of Things (IoT) consumer devices?
A. Developing incident response plans
B. Performing regular patch management
C. Enforcing the physical security of devices
D. Enabling data encryption options
Correct Answer: D
QUESTION 22
Before selecting a final risk response option for a given risk scenario, management should FIRST.
A. evaluate the organization’s ability to implement the solution.
B. evaluate the risk response of similar sized organizations.
C. determine control ownership.
D. determine the remediation timeline.
Correct Answer: A
QUESTION 23
Which of the following is the MOST effective way to ensure professional ethics are maintained as a core organizational value and adhered to by employees?
A. Include professional ethics in the corporate value statement
B. Establish a code of conduct document for employees to sign.
C. Include professional ethics criteria as part of performance appraisals.
D. Establish a channel for employees to report unethical behavior.
Correct Answer: C
QUESTION 24
Which of the following BEST enables an organization to manage risk against insider threats?
A. Data loss prevention (DLP) solution
B. Data log monitoring system
C. Data process mapping
D. Data classification scheme
Correct Answer: A
QUESTION 25
An organization is implementing a mobile application management tool on all company-owned and user-owned devices to minimize privacy risk. Which of the following presents the GREATEST concern?
A. Administrators can remotely wipe private data without user consent.
B. Application interfaces need to be developed for some enterprise applications.
C. Privacy impact assessments (PIAs) are not conducted.
D. Personal information from the tool is processed via cloud services.
Correct Answer: C
QUESTION 26
The PRIMARY purpose of conducting a privacy impact assessment (PIA) within an organization is to:
A. address privacy risk associated with consent rights.
B. manage privacy risk throughout the data life cycle.
C. mitigate privacy risk applicable to data regulations.
D. implement cost-effective privacy risk controls.
Correct Answer: B
QUESTION 27
A newly created IT risk management function is planning to document the organization’s IT risk universe. Which of the following would be MOST helpful to identify the IT scope?
A. Enterprise architecture (EA) model
B. IT risk register
C. Security architecture diagram
D. Security strategic plan
Correct Answer: A
QUESTION 28
Which of the following is the MOST important consideration when creating a risk report for senior management?
A. Management’s risk appetite has been reviewed.
B. Residual risk levels have been validated.
C. The risk report includes a heat map.
D. The report has been automatically generated.
Correct Answer: A
QUESTION 29
Which of the following situations would cause the GREATEST concern around the integrity of application logs?
A. Use of hashing algorithms
B. Weak privileged access management controls
C. Lack of a security information and event management (SIEM) system
D. Lack of data classification policies
Correct Answer: A
QUESTION 30
An organization’s current cloud service provider is located in a foreign country with recent regulatory changes that conflict with the organization’s local privacy regulations. Which of the following is the organization’s BEST course of action?
A. Ensure compliance with local legislation because it has a higher priority.
B. Terminate the current cloud contract and migrate to a local cloud provider.
C. Accept the risk because foreign legislation does not apply to the organization.
D. Conduct a risk assessment and develop mitigation options.
Correct Answer: B
QUESTION 31
When developing IT risk scenarios associated with a new line of business, which of the following would be MOST helpful to review?
A. Organizational threats
B. Cost-benefit analysis
C. Resource allocation plan
D. Competitor analysis
Correct Answer: A
QUESTION 32
Avoiding a business activity removes the need to determine:
A. systemic risk
B. inherent risk.
C. control risk.
D. residual risk.
Correct Answer: D
QUESTION 33
Which of the following is the GREATEST benefit of successfully incorporating professional ethics into an organization’s risk management practices?
A. Facilitating risk identification by business units
B. Building trust with stakeholders
C. Improving adherence to industry standards
D. Obtaining evidence of compliance with regulations
Correct Answer: B
QUESTION 34
A risk practitioner is collaborating with key stakeholders to prioritize a large number of IT risk scenarios. Which scenarios should receive the PRIMARY focus?
A. Scenarios with the highest risk impact to the business
B. Scenarios with the largest budget allocation for risk mitigation
C. Scenarios with the highest frequency of incidents
D. Scenarios with the highest number of open audit issues
Correct Answer: A
QUESTION 35
Which of the following is MOST important when identifying an organization’s risk exposure associated with Internet of Things (IoT) devices?
A. Visibility into all networked devices
B. Manual testing of device vulnerabilities
C. Management sign-off on the scope
D. Defined remediation plans
Correct Answer: A
QUESTION 36
Which of the following is the BEST method to track asset inventory?
A. Asset registration form
B. Automated asset management software
C. IT resource budgeting process
D. Periodic asset review by management
Correct Answer: B
QUESTION 37
An organization has observed an increasing trend of social engineering attempts facilitated by phishing emails. Which control type is the risk practitioner’s BEST recommendation to reduce the risk likelihood?
A. Compensating
B. Preventive
C. Corrective
D. Detective
Correct Answer: B
QUESTION 38
Which of the following BEST reduces the likelihood of employees unintentionally disclosing sensitive information to outside parties?
A. Regular employee security awareness training
B. An egress intrusion detection system (IDs)
C. Sensitive information classification and handling policies
D. Anti-malware controls on endpoint devices
Correct Answer: A
QUESTION 39
Which of the following is the PRIMARY benefit of implementing key control indicators (KCIs)?
A. Confirming the adequacy of recovery plans
B. Reducing the number of incidents
C. Providing early detection of control degradation
D. Improving compliance with control standards
Correct Answer: C
QUESTION 40
A risk practitioner has learned that the number of emergency change management tickets without subsequent approval has doubled from the same period of the previous year. Which of the following is the MOST important action for the risk practitioner to take?
A. Review the cause of the control failure.
B. Recommend remedial training.
C. Temporarily suspend emergency changes.
D. Initiate a review of the change management process.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.