QUESTION 161
Which of the following is PRIMARILY a risk management responsivity of the first line in the three lines model?
A. Establishing risk policies and standards
B. Implementing risk treatment plans
C. Validating the status of risk mitigation efforts
D. Conducting independent reviews of risk assessment results
Correct Answer: B
QUESTION 162
Which of the following IS a PRIMARY responsibility of a risk owner?
A. Selecting risk treatment options
B. Identifying risk scenarios
C. Monitoring the organizational risk profile
D. Assessing levels of risk
Correct Answer: A
QUESTION 163
Which of the following is a risk practitioner’s BEST recommendation to senior management when the cost to mitigate a risk scenario exceeds the financial impact should the risk materialize?
A. Increase the organization’s risk appetite.
B. Reassess the risk frequently.
C. Implement the risk mitigation plan.
D. Manage the risk within risk tolerance.
Correct Answer: D
QUESTION 164
An organization recently implemented an automated interface for uploading payment files to its banking system to replace manual processing. Which of the following elements of the risk register is MOST appropriate for the risk practitioner to update to reflect the improved control?
A. Risk scenarios
B. Risk ownership
C. Risk impact
D. Risk likelihood
Correct Answer: D
QUESTION 165
An IT risk practitioner’s report includes a treatment plan and projected risk ratings if recommendations are implemented. Once corrective actions are taken by the system owner, which of the following types of risk will the projected risk become?
A. Residual
B. Inherent
C. Control
D. Compliance
Correct Answer: A
QUESTION 166
The GREATEST benefit of introducing continuous monitoring to an IT control environment is that it:
A. enables timely detection of emerging risk.
B. identifies stakeholders involved in the process.
C. helps to obtain buy-in for future IT investments.
D. enables the collection of benchmarking data.
Correct Answer: A
QUESTION 167
Which of the following is the PRIMARY risk management responsibility of the second line in the three lines model?
A. Providing assurance of control effectiveness
B. Implementing internal controls
C. Applying risk treatments
D. Monitoring risk responses
Correct Answer: D
QUESTION 168
A multinational organization is considering implementing standard background checks for all new employees. A KEY concern regarding this approach is that it may:
A. violate laws in other countries.
B. be too time consuming.
C. be too costly.
D. fail to identify all relevant issues.
Correct Answer: A
QUESTION 169
After the implementation of a remediation plan, an assessment of associated control design and operating effectiveness can determine the level of
A. audit risk.
B. inherent risk.
C. residual risk.
D. aggregated risk.
Correct Answer: C
QUESTION 170
An end-point protection solution is in place to protect workstations from malware. The IT department is trying to determine whether additional protection is warranted. Which of the following is being evaluated?
A. Residual risk
B. Impact analysis
C. Likelihood analysis
D. Inherent risk
Correct Answer: A
QUESTION 171
After the implementation of a blockchain solution, a risk practitioner discovers noncompliance with new industry regulations. Which of the following is the MOST important course of action prior to informing senior management?
A. Implement compensating controls.
B. Evaluate the potential impact.
C. Evaluate the design effectiveness of existing controls.
D. Evaluate the industry response to the new regulations.
Correct Answer: B
QUESTION 172
Which of the following BEST enables the recovery of data that has been encrypted by a ransomware attack?
A. Backing up data using multiple types of media
B. Recovering from the previous backup cycle
C. Using built-in immutable backups
D. Verifying data after backups
Correct Answer: C
QUESTION 173
Which of the following is the MOST important objective of integrating risk management into an organization’s strategic planning?
A. Ensuring continuously effective and efficient business operations
B. Developing IT service continuity and disaster recovery measures
C. Safeguarding business-critical assets from emerging risks
D. Ensuring undesired risk events are identified and transferred
Correct Answer: C
QUESTION 174
Which of the following groups would provide the MOST relevant perspective when reporting loss exposure based on a risk analysis exercise?
A. Independent risk consultants
B. Internal auditors
C. Process owners
D. Senior management
Correct Answer: D
QUESTION 175
Which of the following should senior management do FIRST to address the risk of violating the organization’s ethics policy?
A. Implement a whistleblower policy.
B. Communicate the policy across the organization.
C. Require all organizational employees to sign the policy.
D. Integrate the ethics policy with HR policies.
Correct Answer: B
QUESTION 176
A group of end users received a real phishing email from an external source. Which of the following is the BEST indicator that past awareness training was effective?
A. Percentage of users who clicked on the link
B. Percentage of users who reported receiving the email
C. Number of users who deleted the email without any further action
D. Number of users who opened the email
Correct Answer: B
QUESTION 177
Which of the following is MOST important to define when creating a risk management strategy?
A. Levels of contingency planning
B. Lines for risk reporting
C. Organizational risk tolerance
D. Centralized risk governance structure
Correct Answer: C
QUESTION 178
Which of the following would be MOST important when ensuring that an action plan requiring software changes was properly executed based on an approved risk response?
A. Evaluating newly developed source code for deficiencies
B. Obtaining the risk owner’s sign-off to close the action plan
C. Reviewing the developer’s attestation of code changes
D. Validating change procedures when the code was implemented
Correct Answer: D
QUESTION 179
Which of the following is the PRIMARY goal of enterprise architecture (EA)?
A. To implement a governance framework that aligns with the desired organizational structure
B. To develop and design a technology framework to be used by all IT staff within the organization
C. To document all implemented systems reflecting the architectural views relevant to the IT team
D. To provide a vision of the future state and generate strategy to move from current to future state
Correct Answer: D
QUESTION 180
A key risk indicator (KRI) for technology operations has been above risk thresholds for the last three reporting periods. What is the BEST way for a risk practitioner to address this concern?
A. Initiate corrective actions with the accountable risk owner.
B. Continue monitoring the KRI for changes in subsequent reporting periods.
C. Adjust the original thresholds for the KRI for future reporting periods.
D. Implement forward-looking risk metrics to compare results.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.