Which of the following is the MAIN reason to continuously monitor IT-related risk?
Which of the following is the MOST important consideration when developing an organization's risk taxonomy?
Which of the following is the MOST important outcome of reviewing the risk management process?
Which of the following is the MOST important consideration for prioritizing risk treatment plans when faced with budget limitations?
Which of the following will BEST quantify the risk associated with malicious users in an organization?
An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:
Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?
To implement the MOST effective monitoring of key risk indicators (KRIs), which of the following needs to be in place?
A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:
The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:
Which of the following is the BEST way to identify changes to the risk landscape?
Which of the following would BEST help to ensure that identified risk is efficiently managed?
Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?
A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?
Which of the following should be the risk practitioner's PRIMARY focus when determining whether controls are adequate to mitigate risk?
Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?
Which of the following is the MOST important characteristic of an effective risk management program?
Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?
Which of the following BEST helps to identify significant events that could impact an organization?
Which of the following is the BEST way for a risk practitioner to present an annual risk management update to the board?
An organization has made a decision to purchase a new IT system. During which phase of the system development life cycle (SDLC) will identified risk MOST likely lead to architecture and design trade-offs?
When developing a response plan to address security incidents regarding sensitive data loss, it is MOST important
Senior management wants to increase investment in the organization's cybersecurity program in response to changes in the external threat landscape. Which of the following would BEST help to prioritize investment efforts?
An organization has decided to commit to a business activity with the knowledge that the risk exposure is higher than the risk appetite. Which of the following is the risk practitioner's MOST important action related to this decision?
After the implementation of Internet of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?
Which of the following should be the PRIMARY basis for prioritizing risk responses?
Which of the following BEST enables risk-based decision making in support of a business continuity plan (BCP)?
An organization has experienced a cyber-attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the following stakeholders are MOST important to include in the cyber response team to determine response actions?
A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization. Of the following, who should review the completed list and select the appropriate KRIs for implementation?
An organization's business gap analysis reveals the need for a robust IT risk strategy. Which of the following should be the risk practitioner's PRIMARY consideration when participating in development of the new strategy?
An organization has asked an IT risk practitioner to conduct an operational risk assessment on an initiative to outsource the organization's customer service operations overseas. Which of the following would MOST significantly impact management's decision?
Which stakeholder is MOST important to include when defining a risk profile during the selection process for a new third-party application?
An organization is adopting blockchain for a new financial system. Which of the following should be the GREATEST concern for a risk practitioner evaluating the system's production readiness?
The PRIMARY objective of collecting information and reviewing documentation when performing periodic risk analysis should be to:
Which of the following is the BEST way to help ensure risk will be managed properly after a business process has been re-engineered?
Which of the following is a risk practitioner's MOST important responsibility in managing risk acceptance that exceeds risk tolerance?
During a risk assessment, a key external technology supplier refuses to provide control design and effectiveness information, citing confidentiality concerns. What should the risk practitioner do NEXT?
Which of the following BEST balances the costs and benefits of managing IT risk?
Which of the following BEST enables a risk practitioner to understand management's approach to organizational risk?
A recent vulnerability assessment of a web-facing application revealed several weaknesses. Which of the following should be done NEXT to determine the risk exposure?
Senior management is deciding whether to share confidential data with the organization's business partners. The BEST course of action for a risk practitioner would be to submit a report to senior management containing the:
A risk practitioner has identified that the agreed recovery time objective (RTO) with a Software as a Service (SaaS) provider is longer than the business expectation. Which of the following is the risk practitioner's BEST course of action?
Which of the following is the BEST way to ensure data is properly sanitized while in cloud storage?
Which of the following is the PRIMARY objective of establishing an organization's risk tolerance and appetite?
What should be the PRIMARY consideration related to data privacy protection when there are plans for a business initiative to make use of personal information?
A bank recently incorporated Blockchain technology with the potential to impact known risk within the organization. Which of the following is the risk practitioner’s BEST course of action?