After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?
Which of the following is MOST important when developing key performance indicators (KPIs)?
A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
A rule-based data loss prevention (DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. Which of the following is MOST likely to change as a result of this implementation?
An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?
Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?
An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?
Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?
Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?
When a high number of approved exceptions are observed during a review of a control procedure, an organization should FIRST initiate a review of the:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?
Which of the following should be the HIGHEST priority when developing a risk response?
An organization wants to assess the maturity of its internal control environment. The FIRST step should be to:
Establishing an organizational code of conduct is an example of which type of control?
Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?
Which of the following is the BEST method for assessing control effectiveness?
A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:
When an organization's business continuity plan (BCP) states that it cannot afford to lose more than three hours of a critical application's data, the three hours is considered the application’s:
A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?
Which of the following BEST enables effective risk-based decision making?
Which of the following would be MOST useful when measuring the progress of a risk response action plan?
An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:
Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?
Which of the following is the MOST effective key performance indicator (KPI) for change management?
Which of the following is the BEST method to identify unnecessary controls?
After several security incidents resulting in significant financial losses, IT management has decided to outsource the security function to a third party that provides 24/7 security operation services. Which risk response option has management implemented?
Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:
Which of the following would BEST provide early warning of a high-risk condition?
Which of the following is the MOST important consideration when sharing risk management updates with executive management?
During which phase of the system development life cycle (SDLC) should information security requirements for the implementation of a new IT system be defined?
The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager's BEST approach to this request before sharing the register?
Which of the following should be a risk practitioner's NEXT step upon learning the impact of an organization's noncompliance with a specific legal regulation?
Which of the following is the MOST important factor affecting risk management in an organization?
An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?
The acceptance of control costs that exceed risk exposure is MOST likely an example of:
A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?
Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?
A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?
Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?
Which of the following will BEST mitigate the risk associated with IT and business misalignment?
Which of the following is the MOST important element of a successful risk awareness training program?
Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?
An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?
Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?
Which of the following is the MOST important requirement for monitoring key risk indicators (KRIs) using log analysis?
Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?
It is MOST appropriate for changes to be promoted to production after they are: