QUESTION 101
What is the MOST important consideration when selecting key performance indicators (KPIs) for control monitoring?
A. Source information is acquired at stable cost.
B. Source information is readily quantifiable.
C. Source information is tailored by removing outliers.
D. Source information is consistently available.
Correct Answer: D
QUESTION 102
Which of the following BEST enables senior management to make risk treatment decisions in line with the organization’s risk appetite?
A. Risk scenarios
B. Quantitative risk analysis
C. Industry risk benchmarks
D. Risk remediation plans
Correct Answer: B
QUESTION 103
Which of the following should be done FIRST to address emerging technology risk?
A. Identify and engage control owners.
B. Evaluate and select risk treatment options.
C. Identify and prioritize assets.
D. Develop targeted training for management and staff.
Correct Answer: C
QUESTION 104
Which of the following is the MOST important risk management activity during project initiation?
A. Establishing a risk mitigation plan
B. Classifying project data
C. Defining key risk indicators (KRIs)
D. Identifying key risk stakeholders
Correct Answer: D
QUESTION 105
Which of the following roles is PRIMARILY accountable for risk associated with business information protection?
A. Data owner
B. Application owner
C. System owner
D. Control owner
Correct Answer: A
QUESTION 106
Which of the following is MOST important for a risk practitioner to verify when periodically reviewing risk response action plans?
A. The action plans treat the corresponding risk.
B. Budget has been allocated for the action plans.
C. The action plans have documented schedules.
D. Key risk indicators (KRIs) are defined in the action plans.
Correct Answer: A
QUESTION 107
Which of the following is the PRIMARY reason to define and use key control indicators (KCIs) within a cloud access security broker (CASB) implementation?
A. KCIs are required for CASB implementation.
B. KCIs can help to identify cloud-based data breaches.
C. KCIs can help organizations evaluate the effectiveness of CASB controls.
D. KCIs can help organizations mitigate risk associated with CASB implementation.
Correct Answer: C
QUESTION 108
Which of the following is the MOST critical success factor (CSF) for the adoption of a three lines of defense model?
A. Key stakeholders are aware of their roles and responsibilities.
B. Escalation procedures are documented and communicated.
C. A centralized risk register is created with comprehensive risk scenarios.
D. Control ownership is assigned to risk owners.
Correct Answer: A
QUESTION 109
An organization recently invested in an identity and access management (IAM) solution to manage user activities across corporate mobile devices. Which of the following is MOST important to update in the risk register?
A. Risk tolerance
B. Risk appetite
C. Residual risk
D. Inherent risk
Correct Answer: C
QUESTION 110
A threat intelligence team has identified an indicator of compromise related to an advanced persistent threat (APT) actor. Which of the following is the risk practitioner’s BEST course of action?
A. Determine the adequacy of existing security controls.
B. Determine the business criticality of the asset.
C. Review the most recent vulnerability scanning report.
D. Review prior security incidents related to the asset.
Correct Answer: B
QUESTION 111
A new control is implemented to reduce risk to an acceptable level. Of the following, who should be assigned ownership of the new control?
A. A member of senior management who oversees IT
B. The individual accountable for the control’s performance
C. The risk practitioner who first identified the IT risk factor
D. The risk owner who determined the need for the new control
Correct Answer: B
QUESTION 112
Which of the following would BEST help a risk practitioner understand both the current state of an organization’s IT capabilities and the strategy to achieve the future state with minimal business disruption?
A. Annual report
B. Business impact analysis (BIA)
C. Multi-year strategy
D. Enterprise architecture (EA) framework
Correct Answer: D
QUESTION 113
Which of the following stakeholders is BEST suited to be the owner of a business continuity control?
A. Service level manager
B. Business process manager
C. Data center operations manager
D. Business information security officer
Correct Answer: C
QUESTION 114
Which of the following is MOST important for a risk practitioner to verify when evaluating policy exceptions that have been approved by management?
A. Internal audit has reviewed and approved the exceptions.
B. Exceptions are documented in the policy.
C. Requestors have signed a risk acceptance form.
D. Exceptions are tracked and regularly reviewed.
Correct Answer: D
QUESTION 115
Which of the following describes the relationship between the first line and the second line of defense?
A. The second line provides independent assurance of controls implemented by the first line.
B. The second line cannot directly intervene when the first line is developing internal control and risk systems.
C. The first line reports to senior management while the second line reports to the governing body.
D. The second line serves as an oversight role to facilitate risk practices implemented by the first line.
Correct Answer: D
QUESTION 116
Which of the following is MOST important to add to the risk register for a remediated risk scenario?
A. Evidence of successfully implemented controls
B. Minutes from control design meetings
C. Notification to technical teams of implementation schedules
D. Sign-off by senior executives
Correct Answer: A
QUESTION 117
A risk practitioner wants to better understand the organization’s environment to assess IT-related business risk. Which of the following would be MOST helpful to review?
A. Most recent IT audit reports
B. Enterprise architecture (EA) documentation
C. Compliance requirements and guidelines
D. Threat intelligence reports
Correct Answer: B
QUESTION 118
Which of the following is the MOST important requirement for monitoring key risk indicators (KRIs) using log analysis?
A. Obtaining logs in an easily readable format
B. Implementing an automated log analysis tool
C. Providing accurate logs in a timely manner
D. Collecting logs from the entire set of IT systems
Correct Answer: C
QUESTION 119
Which of the following controls would BEST mitigate the risk of user passwords being compromised by a man in the middle technique?
A. Require users to change password as frequently as possible.
B. Require users to select long passwords.
C. Implement a passwordless access mechanism.
D. Block user sessions after short periods of inactivity.
Correct Answer: C
QUESTION 120
What would be a risk practitioner’s BEST recommendation when several key performance indicators (KPIs) for a control process fail to meet service level agreements (SLAs)?
A. Adjust the process KPI threshold.
B. Develop an IT risk response plan.
C. Review process efficiency.
D. Review the organization’s IT risk profile.
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.