An organizational policy requires critical security patches to be deployed in production within three weeks of patch availability. Which of the following is the BEST metric to verify adherence to the policy?
A multinational company needs to implement a new centralized security system. The risk practitioner has identified a conflict between the organization's data-handling policy and local privacy regulations. Which of the following would be the BEST recommendation?
Which of the following is the ULTIMATE objective of utilizing key control indicators (KCIs) in the risk management process?
Which of the following BEST helps to mitigate risk associated with excessive access by authorized users?
It was discovered that a service provider's administrator was accessing sensitive information without the approval of the customer in an Infrastructure as a Service (laaS) model. Which of the following would BEST protect against a future recurrence?
Who is the BEST person to an application system used to process employee personal data?
Which of the following is the MOST important consideration when prioritizing risk response?
Which of the following is the MOST effective way to help ensure future risk levels do not exceed the organization's risk appetite?
Which of the following is the BEST recommendation to address recent IT risk trends that indicate social engineering attempts are increasing in the organization?
Which of the following is MOST useful input when developing risk scenarios?
During a post-implementation review for a new system, users voiced concerns about missing functionality. Which of the following is the BEST way for the organization to avoid this situation in the future?
Which of the following is the BEST approach when a risk treatment plan cannot be completed on time?
An organization operates in an environment where the impact of ransomware attacks is high, with a low likelihood. After quantifying the impact of the risk associated with ransomware attacks exceeds the organization's risk appetite and tolerance, which of the following is the risk practitioner's BEST recommendation?
Which of the following is the BEST metric to demonstrate the effectiveness of an organization's patch management process?
A penetration testing team discovered an ineffectively designed access control. Who is responsible for ensuring the control design gap is remediated?
A key risk indicator (KRI) that incorporates data from external open-source threat intelligence sources has shown changes in risk trend data. Which of the following is MOST important to update in the risk register?
Which of the following BEST facilitates the development of relevant risk scenarios?
When assigning control ownership, it is MOST important to verify that the owner has accountability for:
Which of the following would BEST prevent an unscheduled application of a patch?
A robotic process automation (RPA) project has implemented new robots to enhance the efficiency of a sales business process. Which of the following provides the BEST evidence that the new controls have been implemented successfully?
A global organization is considering the transfer of its customer information systems to an overseas cloud service provider in the event of a disaster. Which of the following should be the MOST important risk consideration?
An organization recently experienced a cyber attack that resulted in the loss of confidential customer data. Which of the following is the risk practitioner's BEST recommendation after recovery steps have been completed?
An organization needs to send files to a business partner to perform a quality control audit on the organization’s record-keeping processes. The files include personal information on the organization's customers. Which of the following is the BEST recommendation to mitigate privacy risk?
Warning banners on login screens for laptops provided by an organization to its employees are an example of which type of control?
A user has contacted the risk practitioner regarding malware spreading laterally across the organization's corporate network. Which of the following is the risk practitioner’s BEST course of action?
Which of the following is MOST important for the organization to consider before implementing a new in-house developed artificial intelligence (Al) solution?
Which of the following should be of MOST concern to a risk practitioner reviewing the system development life cycle (SDLC)?
An application development team has a backlog of user requirements for a new system that will process insurance claim payments for customers. Which of the following should be the MOST important consideration for a risk-based review of the user requirements?
Who is accountable for authorizing application access in a cloud Software as a Service (SaaS) solution?
Which of the following is the MOST important reason to communicate control effectiveness to senior management?
Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?
Which of the following should be done FIRST upon learning that the organization will be affected by a new regulation in its industry?
One of an organization's key IT systems cannot be patched because the patches interfere with critical business application functionalities. Which of the following would be the risk practitioner's BEST recommendation?
An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner's FIRST course of action?
Analyzing trends in key control indicators (KCIs) BEST enables a risk practitioner to proactively identify impacts on an organization's:
Which of the following is the BEST way to determine whether new controls mitigate security gaps in a business system?
Which of the following should be the GREATEST concern for an organization that uses open source software applications?
Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?
When of the following provides the MOST tenable evidence that a business process control is effective?
Determining if organizational risk is tolerable requires:
Which of the following poses the GREATEST risk to an organization's operations during a major it transformation?
Which of the following is the MOST important consideration when sharing risk management updates with executive management?
Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?
When of the following is the BEST key control indicator (KCI) to determine the effectiveness of en intrusion prevention system (IPS)?
Which of the following is the MOST common concern associated with outsourcing to a service provider?
Winch of the following is the BEST evidence of an effective risk treatment plan?
The PRIMARY advantage of involving end users in continuity planning is that they:
Which of the following is the BEST way to quantify the likelihood of risk materialization?
Which of the following is necessary to enable an IT risk register to be consolidated with the rest of the organization’s risk register?
Print jobs containing confidential information are sent to a shared network printer located in a secure room. Which of the following is the BEST control to prevent the inappropriate disclosure of confidential information?
PDF + Testing Engine
|
---|
$57.75 |
Testing Engine
|
---|
$43.75 |
PDF (Q&A)
|
---|
$36.75 |
Isaca Free Exams |
---|
|