Which of the following would BEST enable mitigation of newly identified risk factors related to internet of Things (loT)?
Which of the following process controls BEST mitigates the risk of an employee issuing fraudulent payments to a vendor?
A risk practitioner is involved in a comprehensive overhaul of the organizational risk management program. Which of the following should be reviewed FIRST to help identify relevant IT risk scenarios?
A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the value added by the platform and the organization's risk appetite. Which of the following is the risk practitioner's BEST course of action?
A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?
The software version of an enterprise's critical business application has reached end-of-life and is no longer supported by the vendor. IT has decided to develop an in-house replacement application. Which of the following should be the PRIMARY concern?
Which of the following scenarios presents the GREATEST risk of noncompliance with data privacy best practices?
A MAJOR advantage of using key risk indicators (KRIs) is that they:
A global organization has implemented an application that does not address all privacy requirements across multiple jurisdictions. Which of the following risk responses has the organization adopted with regard to privacy requirements?
A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?
Which of the following is the GREATEST risk associated with inappropriate classification of data?
Which of the following is the PRIMARY objective of aggregating the impact of IT risk scenarios and reflecting the results in the enterprise risk register?
Which of the following is BEST measured by key control indicators (KCIs)?
A data center has recently been migrated to a jurisdiction where heavy fines will be imposed should leakage of customer personal data occur. Assuming no other changes to the operating environment, which factor should be updated to reflect this situation as an input to scenario development for this particular risk event?
Which of the following is a risk practitioner's BEST recommendation to help reduce IT risk associated with scheduling overruns when starting a new application development project?
An incentive program is MOST likely implemented to manage the risk associated with loss of which organizational asset?
The BEST way for management to validate whether risk response activities have been completed is to review:
An organization has built up its cash reserves and has now become financially able to support additional risk while meeting its objectives. What is this change MOST likely to impact?
A risk practitioner's BEST guidance to help an organization develop relevant risk scenarios is to ensure the scenarios are:
Which of the following is the BEST way to protect sensitive data from administrators within a public cloud?
Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise's brand on Internet sites?
Which of the following is MOST important for a multinational organization to consider when developing its security policies and standards?
An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner's FIRST course of action?
Which of the following is MOST important when identifying an organization's risk exposure associated with Internet of Things (loT) devices?
Which of the following is the GREATEST concern related to the monitoring of key risk indicators (KRIs)?
Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?
When creating a separate IT risk register for a large organization, which of the following is MOST important to consider with regard to the existing corporate risk 'register?
Which of the following is the BEST response when a potential IT control deficiency has been identified?
Which of the following BEST prevents control gaps in the Zero Trust model when implementing in the environment?
An organization has established a contract with a vendor that includes penalties for loss of availability. Which risk treatment has been adopted by the organization?
Which of the following BEST enables the development of a successful IT strategy focused on business risk mitigation?
Which of the following is the GREATEST concern associated with the use of artificial intelligence (AI) language models?
An organization's decision to remain noncompliant with certain laws or regulations is MOST likely influenced by:
Which of the following provides the MOST useful input to the development of realistic risk scenarios?
An organization has updated its acceptable use policy to mitigate the risk of employees disclosing confidential information. Which of the following is the BEST way to reinforce the effectiveness of this policy?
An organization has contracted with a cloud service provider to support the deployment of a new product. Of the following, who should own the associated risk?
A risk practitioner learns that a risk owner has been accepting gifts from a supplier of IT products. Some of these IT products are used to implement controls and to mitigate risk to acceptable levels. Which of the following should the risk practitioner do FIRST?
A risk practitioner has been notified of a social engineering attack using artificial intelligence (AI) technology to impersonate senior management personnel. Which of the following would BEST mitigate the impact of such attacks?
If concurrent update transactions to an account are not processed properly, which of the following will MOST likely be affected?
Which of the following outcomes of disaster recovery planning is MOST important to enable the initiation of necessary actions during a disaster?
Which of the following is the MOST important document regarding the treatment of sensitive data?
After conducting a risk assessment for regulatory compliance, an organization has identified only one possible mitigating control. The cost of the control has been determined to be higher than the penalty of noncompliance. Which of the following would be the risk practitioner's BEST recommendation?
Which of the following is MOST important to consider when assessing the likelihood that a recently discovered software vulnerability will be exploited?
Which of the following is the BEST key performance indicator (KPI) to measure the ability to deliver uninterrupted IT services?
What is a risk practitioner's BEST approach to monitor and measure how quickly an exposure to a specific risk can affect the organization?
The percentage of unpatched systems is a:
Where is the FIRST place a risk practitioner should look to identify accountability for a specific risk?
Which of the following is BEST measured by key control indicators (KCIs)?
A large organization recently restructured the IT department and has decided to outsource certain functions. What action should the control owners in the IT department take?
An organization wants to transfer risk by purchasing cyber insurance. Which of the following would be MOST important for the risk practitioner to communicate to senior management for contract negotiation purposes?
PDF + Testing Engine
|
---|
$66 |
Testing Engine
|
---|
$50 |
PDF (Q&A)
|
---|
$42 |
Isaca Free Exams |
---|
![]() |