QUESTION 61
The PRIMARY objective of a business impact analysis (BIA) is to determine
A. the impact of losing the support of key business resources.
B. how long the business can withstand a loss before becoming insolvent.
C. whether the impact of a risk event is within the organization’s risk appetite.
D. the suitability of the recovery time objective (RTO) and recovery point objective (RPO).
Correct Answer: A
QUESTION 62
Which of the following situations would cause the GREATEST concern around the integrity of application logs?
A. Weak privileged access management controls
B. Lack of a security information and event management (SIEM) system
C. Use of hashing algorithms
D. Lack of data classification policies
Correct Answer: A
QUESTION 63
Which of the following BEST facilitates the process of documenting risk tolerance?
A. Creating a risk register
B. Interviewing management
C. Researching industry standards
D. Conducting a risk assessment
Correct Answer: B
QUESTION 64
A risk practitioner wants to identify potential risk events that affect the continuity of a critical business process. Which of the following should the risk practitioner do FIRST?
A. Evaluate current risk management alignment with relevant regulations.
B. Conduct a benchmarking exercise against industry peers.
C. Determine if business continuity procedures are reviewed and updated on a regular basis.
D. Review the methodology used to conduct the business impact analysis (BIA).
Correct Answer: D
QUESTION 65
A system implementation project must go live with unresolved defects. Which of the following is the risk practitioner’s BEST course of action?
A. Request additional testing of the defects to establish readiness of the system.
B. Present risk assessment results to the project steering committee.
C. Establish key risk indicators (KRIs) to track the risk trend of the defects.
D. Review the business case to confirm realization of project objectives and benefits
Correct Answer: B
QUESTION 66
Which of the following is the BEST course of action for a system administrator who suspects a colleague may be intentionally weakening a system’s validation controls in order to pass through fraudulent transactions?
A. Implement compensating controls to deter fraud attempts.
B. Monitor the activity to collect evidence.
C. Determine whether the system environment has flaws that may motivate fraud attempts.
D. Share the concern through a whistleblower communication channel.
Correct Answer: D
QUESTION 67
Which of the following is the PRIMARY business justification for an organization to perform process mapping of its enterprise architecture (EA) model?
A. Facilitating regulatory compliance
B. Supporting operational goals
C. Simplifying control implementation
D. Managing complexity successfully
Correct Answer: D
QUESTION 68
Which of the following is the MOST important key risk indicator (KRI) to protect personal information on corporate mobile endpoints?
A. Percentage of endpoints that are not encrypted
B. Ratio of undiscoverable endpoints to encrypted endpoints
C. Percentage of endpoints with outdated antivirus signatures
D. Number of endpoints not compliant with patching policy
Correct Answer: A
QUESTION 69
An organization’s risk profile indicates that residual risk levels have fallen significantly below management’s risk appetite. Which of the following is the BEST course of action?
A. Optimize controls.
B. Increase risk appetite.
C. Decrease monitoring of residual risk levels.
D. Add more risk scenarios to the risk register.
Correct Answer: A
QUESTION 70
Which of the following is MOST important to consider when determining risk appetite?
A. Risk heat map
B. Service level agreements (SLAs)
C. IT capacity
D. Risk culture
Correct Answer: D
QUESTION 71
Following a business continuity planning exercise, an organization decides to accept an identified risk associated with a critical business system. Which of the following should be done NEXT?
A. Document the decision-making process and considerations used.
B. Perform a business impact analysis (BIA) to assess the impact of the risk.
C. Develop a control to reduce the level of the risk.
D. Develop a disaster recovery plan (DRP) and business continuity plan (BCP) to ensure resiliency.
Correct Answer: A
QUESTION 72
Which of the following controls would BEST enable a project management office (PMO) to identify and eliminate recurring issues on IT projects?
A. Recording the appropriate project risk in the project register
B. Performing lessons learned on project closeout
C. Managing the projects as a program or portfolio
D. Implementing performance management for project managers
Correct Answer: B
QUESTION 73
The role of the risk management function in IT project management is to:
A. reduce project cost by eliminating risk to the project.
B. support the project team in identifying and responding to risk.
C. update and publish the project risk register on a regular basis.
D. implement project status checks to avoid financial risk.
Correct Answer: B
QUESTION 74
An organization is developing a security risk awareness training program for the IT help desk and has asked the risk practitioner for suggestions. In addition to technical topics, which of the following is MOST important to recommend be included in the training?
A. Security policy review
B. Identity verification procedures
C. The business continuity plan (BCP)
D. Password selection options
Correct Answer: B
QUESTION 75
Which of the following BEST prevents unauthorized access to customer personal data transmitted to third-party service providers?
A. Requiring service providers to report privacy breaches
B. Implementing and reviewing data sharing controls
C. Ensuring service providers comply with laws and regulations
D. Reviewing and testing service providers’ business continuity plans (BCPs)
Correct Answer: B
QUESTION 76
Which of the following is MOST important to consider when selecting the physical location for a data center?
A. Proximity to emergency service providers
B. Proximity to support teams
C. Availability of contract workers
D. Likelihood of a natural disaster
Correct Answer: D
QUESTION 77
Which of the following is the MOST effective approach to reduce mean time to identify advanced persistent threats (APTs)?
A. Conduct frequent internal audits of IT systems.
B. Review information from threat intelligence sources.
C. Define a comprehensive set of key risk indicators (KRIs).
D. Document thorough IT risk scenarios in the risk register.
Correct Answer: B
QUESTION 78
What would be the MAIN concern associated with a decentralized IT function maintaining multiple risk registers?
A. Aggregate risk within the IT function may exceed the organization’s appetite.
B. Risk treatment efforts within the IT function may overlap one another.
C. Related IT risk scenarios in the IT function may be updated at different times.
D. Duplicate IT risk scenarios may be documented across the organization.
Correct Answer: A
QUESTION 79
An organization has implemented a DevOps model for software release and a software developer has administrative access to a production application. Which of the following should be of GREATEST concern to a risk practitioner?
A. There is no detailed log to support accountability.
B. Passwords are not changed periodically.
C. Access management standards are not updated annually.
D. An annual entitlement review has not been performed.
Correct Answer: A
QUESTION 80
A local organization is in the process of merging its operations with an organization that operates globally. Which of the following is the MOST effective way for a risk practitioner to ensure the combined enterprise remains compliant with all legal and regulatory requirements?
A. Create a program to handle common regulations with supplements for regional exceptions.
B. Obtain periodic regulatory attestations for regions outside the local organization’s headquarters.
C. Implement bottom-up compliance reporting from each business unit.
D. Engage the local organization’s internal audit department to review regulatory compliance.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.