Which of the following is the PRIMARY reason for a risk practitioner to report changes and trends in the IT risk profile to senior management?
Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise's brand on Internet sites?
A bank has outsourced its statement printing function to an external service provider. Which of the following is the MOST critical requirement to include in the contract?
When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:
Which of the following controls will BEST detect unauthorized modification of data by a database administrator?
Which of the following is the BEST indication of the effectiveness of a business continuity program?
Which of the following is the MOST important element of a successful risk awareness training program?
Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?
What should a risk practitioner do FIRST when vulnerability assessment results identify a weakness in an application?
A risk practitioner is reporting on an increasing trend of ransomware attacks in the industry. Which of the following information is MOST important to include to enable an informed response decision by key stakeholders?
Which of the following will BEST help an organization select a recovery strategy for critical systems?
Which of the following criteria is MOST important when developing a response to an attack that would compromise data?
An organization has implemented a system capable of comprehensive employee monitoring. Which of the following should direct how the system is used?
A risk practitioner notices a trend of noncompliance with an IT-related control. Which of the following would BEST assist in making a recommendation to management?
Which of the following should be included in a risk assessment report to BEST facilitate senior management's understanding of the results?
A software developer has administrative access to a production application. Which of the following should be of GREATEST concern to a risk practitioner?
Which of the following is the MOST important consideration when sharing risk management updates with executive management?
What should a risk practitioner do FIRST upon learning a risk treatment owner has implemented a different control than what was specified in the IT risk action plan?
The BEST key performance indicator (KPI) to measure the effectiveness of a vendor risk management program is the percentage of:
Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?
Which of the following BEST helps to identify significant events that could impact an organization?
Vulnerability analysis
An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?
Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?
Which of the following provides the BEST assurance of the effectiveness of vendor security controls?
Which of the following would be the result of a significant increase in the motivation of a malicious threat actor?
The BEST key performance indicator (KPI) to measure the effectiveness of the security patching process is the percentage of patches installed:
Which of the following provides the MOST comprehensive information when developing a risk profile for a system?
When defining thresholds for control key performance indicators (KPIs). it is MOST helpful to align:
A financial institution has identified high risk of fraud in several business applications. Which of the following controls will BEST help reduce the risk of fraudulent internal transactions?
While reviewing the risk register, a risk practitioner notices that different business units have significant variances in inherent risk for the same risk scenario. Which of the following is the BEST course of action?
Which of the following should be the GREATEST concern for an organization that uses open source software applications?
An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?
An organization planning to transfer and store its customer data with an offshore cloud service provider should be PRIMARILY concerned with:
Which of the following is MOST important to compare against the corporate risk profile?
A service provider is managing a client’s servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue. The service provider’s MOST appropriate action would be to:
Which of the following BEST mitigates the risk of sensitive personal data leakage from a software development environment?
Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?
An organization outsources the processing of us payroll data A risk practitioner identifies a control weakness at the third party trial exposes the payroll data. Who should own this risk?
Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?
When developing risk treatment alternatives for a Business case, it is MOST helpful to show risk reduction based on:
Employees are repeatedly seen holding the door open for others, so that trailing employees do not have to stop and swipe their own ID badges. This behavior BEST represents:
Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?
Which of the following controls BEST helps to ensure that transaction data reaches its destination?