An organization must make a choice among multiple options to respond to a risk. The stakeholders cannot agree and decide to postpone the decision. Which of the following risk responses has the organization adopted?
Which of the following should be done FIRST when information is no longer required to support business objectives?
Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?
Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?
A violation of segregation of duties is when the same:
Which of the following is MOST important for a risk practitioner to verify when evaluating the effectiveness of an organization's existing controls?
Participants in a risk workshop have become focused on the financial cost to mitigate risk rather than choosing the most appropriate response. Which of the following is the BEST way to address this type of issue in the long term?
An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?
Which of the following is MOST useful when communicating risk to management?
Which of the following will BEST help in communicating strategic risk priorities?
Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?
An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?
Which of the following trends would cause the GREATEST concern regarding the effectiveness of an organization's user access control processes? An increase in the:
An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?
Which of the following is the BEST indication of a mature organizational risk culture?
Which of the following is the MOST effective control to maintain the integrity of system configuration files?
Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
An information system for a key business operation is being moved from an in-house application to a Software as a Service (SaaS) vendor. Which of the following will have the GREATEST impact on the ability to monitor risk?
When an organization is having new software implemented under contract, which of the following is key to controlling escalating costs?
Which of the following is the BEST course of action to help reduce the probability of an incident recurring?
When evaluating enterprise IT risk management it is MOST important to:
Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
Which of the following BEST indicates that additional or improved controls ate needed m the environment?
Which of the following is the BEST way to manage the risk associated with malicious activities performed by database administrators (DBAs)?
Which of the following will BEST support management reporting on risk?
Which of the following is the MOST effective way to integrate risk and compliance management?
Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?
Which of the following is the FIRST step when conducting a business impact analysis (BIA)?
Upon learning that the number of failed back-up attempts continually exceeds the current risk threshold, the risk practitioner should:
When reviewing a business continuity plan (BCP). which of the following would be the MOST significant deficiency?
A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the BEST course of action?
Which of the following should be the MOST important consideration for senior management when developing a risk response strategy?
Which of the following is the BEST key control indicator (KCI) for risk related to IT infrastructure failure?
Which of the following is the MOST critical element to maximize the potential for a successful security implementation?
Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?
Which of the following is the BEST source for identifying key control indicators (KCIs)?
While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BES reduce the risk associated with such a data breach?
Which of The following should be of GREATEST concern for an organization considering the adoption of a bring your own device (BYOD) initiative?
The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:
Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresholds?
The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning process is to:
Which of the following is the BEST Key control indicator KCO to monitor the effectiveness of patch management?
Which of the following is MOST important when developing risk scenarios?
Which of the following MUST be updated to maintain an IT risk register?
Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?
Which of the following would BEST help to address the risk associated with malicious outsiders modifying application data?
Which of the following is MOST important to compare against the corporate risk profile?
A management team is on an aggressive mission to launch a new product to penetrate new markets and overlooks IT risk factors, threats, and vulnerabilities. This scenario BEST demonstrates an organization's risk:
Which of the following is the MOST important reason to link an effective key control indicator (KCI) to relevant key risk indicators (KRIs)?
An organization has initiated a project to launch an IT-based service to customers and take advantage of being the first to market. Which of the following should be of GREATEST concern to senior management?
PDF + Testing Engine
|
---|
$57.75 |
Testing Engine
|
---|
$43.75 |
PDF (Q&A)
|
---|
$36.75 |
Isaca Free Exams |
---|
![]() |