An organization has allowed several employees to retire early in order to avoid layoffs Many of these employees have been subject matter experts for critical assets Which type of risk is MOST likely to materialize?
An organization allows programmers to change production systems in emergency situations. Which of the following is the BEST control?
Which of the following activities is a responsibility of the second line of defense?
What is the MOST important consideration when selecting key performance indicators (KPIs) for control monitoring?
A poster has been displayed in a data center that reads. "Anyone caught taking photographs in the data center may be subject to disciplinary action." Which of the following control types has been implemented?
Which of the following is the MOST important reason to restrict access to the risk register on a need-to-know basis?
A failure in an organization’s IT system build process has resulted in several computers on the network missing the corporate endpoint detection and response (EDR) software. Which of the following should be the risk practitioner's IMMEDIATE concern?
Which of the following presents the GREATEST privacy risk related to personal data processing for a global organization?
Which of the following is a PRIMARY objective of privacy impact assessments (PIAs)?
A risk practitioner finds that data has been misclassified. Which of the following is the GREATEST concern?
A risk practitioner is performing a risk assessment of recent external advancements in quantum computing. Which of the following would pose the GREATEST concern for the risk practitioner?
When creating a separate IT risk register for a large organization, which of the following is MOST important to consider with regard to the existing corporate risk 'register?
Senior management has requested more information regarding the risk associated with introducing a new application into the environment. Which of the following should be done FIRST?
Which of the following is the PRIMARY advantage of having a single integrated business continuity plan (BCP) rather than each business unit developing its own BCP?
Which of the following is the PRIMARY reason to adopt key control indicators (KCIs) in the risk monitoring and reporting process?
A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?
Which of the following is the MOST critical element to maximize the potential for a successful security implementation?
An IT department has provided a shared drive for personnel to store information to which all employees have access. Which of the following parties is accountable for the risk of potential loss of confidential information?
Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?
The BEST reason to classify IT assets during a risk assessment is to determine the:
An employee lost a personal mobile device that may contain sensitive corporate information. What should be the risk practitioner's recommendation?
Which of the following should be done FIRST when developing a data protection management plan?
Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?
A risk practitioner is preparing a report to communicate changes in the risk and control environment. The BEST way to engage stakeholder attention is to:
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery test of critical business processes?
A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?
Which of the following will help ensure the elective decision-making of an IT risk management committee?
From a risk management perspective, the PRIMARY objective of using maturity models is to enable:
Who should be PRIMARILY responsible for establishing an organization's IT risk culture?
Which of the following would require updates to an organization's IT risk register?
Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?
Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?
Which of the following is the BEST indicator of an effective IT security awareness program?
Which of the following is the BEST indication of a mature organizational risk culture?
Which of the following is MOST important when considering risk in an enterprise risk management (ERM) process?
An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:
A business unit is implementing a data analytics platform to enhance its customer relationship management (CRM) system primarily to process data that has been provided by its customers. Which of the following presents the GREATEST risk to the organization's reputation?
Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
When reviewing a report on the performance of control processes, it is MOST important to verify whether the:
Which of the following is MOST important for an organization to update following a change in legislation requiring notification to individuals impacted by data breaches?
Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?
A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?
Which of the following is the BEST way for an organization to enable risk treatment decisions?
Which of the following BEST enforces access control for an organization that uses multiple cloud technologies?
Which of the following will be MOST effective in uniquely identifying the originator of electronic transactions?
Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
Which of the following is the MOST important consideration for protecting data assets m a Business application system?