Which of the following is the PRIMARY reason to establish the root cause of an IT security incident?
An organization's risk tolerance should be defined and approved by which of the following?
Which of the following is the MOST effective way to help ensure an organization's current risk scenarios are relevant?
Which of the following should be the risk practitioner's FIRST course of action when an organization has decided to expand into new product areas?
A control owner responsible for the access management process has developed a machine learning model to automatically identify excessive access privileges. What is the risk practitioner's BEST course of action?
Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?
Which of the following IT key risk indicators (KRIs) provides management with the BEST feedback on IT capacity?
A risk practitioner shares the results of a vulnerability assessment for a critical business application with the business manager. Which of the following is the NEXT step?
An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:
During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?
A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners. Which of the following is MOST likely to change as a result?
After identifying new risk events during a project, the project manager's NEXT step should be to:
A risk practitioner notices that a particular key risk indicator (KRI) has remained below its established trigger point for an extended period of time. Which of the following should be done FIRST?
Which of the following is the BEST indicator of the effectiveness of a control action plan's implementation?
Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?
The PRIMARY purpose of using control metrics is to evaluate the:
A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:
The MOST essential content to include in an IT risk awareness program is how to:
The PRIMARY purpose of vulnerability assessments is to:
An internally developed payroll application leverages Platform as a Service (PaaS) infrastructure from the cloud. Who owns the related data confidentiality risk?
Which of the following provides the BEST evidence that risk mitigation plans have been implemented effectively?
Which of the following would be MOST relevant to stakeholders regarding ineffective control implementation?
A recent audit identified high-risk issues in a business unit though a previous control self-assessment (CSA) had good results. Which of the following is the MOST likely reason for the difference?
The PRIMARY basis for selecting a security control is:
For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?
The BEST way to test the operational effectiveness of a data backup procedure is to:
Which of the following can be interpreted from a single data point on a risk heat map?
Which of the following is MOST influential when management makes risk response decisions?
Which of the following activities is PRIMARILY the responsibility of senior management?
Quantifying the value of a single asset helps the organization to understand the:
A department has been granted an exception to bypass the existing approval process for purchase orders. The risk practitioner should verify the exception has been approved by which of the following?
An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?
A risk practitioner has just learned about new done FIRST?
The PRIMARY purpose of a maturity model is to compare the:
IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:
An organization has received notification that it is a potential victim of a cybercrime that may have compromised sensitive customer data. What should be the FIRST course of action?
Which of the following is the GREATEST concern associated with the transmission of healthcare data across the internet?
What is MOST important for the risk practitioner to understand when creating an initial IT risk register?
The PRIMARY benefit of classifying information assets is that it helps to:
Which of the following is the BEST indicator of the effectiveness of a control monitoring program?
Which of the following BEST indicates that an organization's risk management program is effective?
Which of the following BEST enables a proactive approach to minimizing the potential impact of unauthorized data disclosure?
The risk associated with a high-risk vulnerability in an application is owned by the:
Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?
Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?
Which of the following is the MOST important information to be communicated during security awareness training?
Which of the following would provide the MOST comprehensive information for updating an organization's risk register?
An organization is making significant changes to an application. At what point should the application risk profile be updated?
When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?