Join the discussion
Question 1/663
A maturity model will BEST indicate:
Correct Answer: B
According to Wikipedia1, a maturity model is a framework for measuring an organization's maturity, or that of a business function within an organization, with maturity being defined as a measurement of the ability of an organization for continuous improvement in a particular discipline. A maturity model will best indicate the effectiveness and efficiency of an organization or a business function, as it helps to evaluate how well they achieve their intended objectives with minimum resources, time, and cost. A maturity model also helps to identify and prioritize the areas and opportunities for improvement, and to establish and communicate the standards and best practices for the discipline. References = Wikipedia1
Add Comments
- Other Question (663q)
- Q1. A maturity model will BEST indicate:
- Q2. Which of the following is the PRIMARY purpose of creating and documenting control procedur...
- Q3. Which of the following BEST supports the management of identified risk scenarios?...
- Q4. When collecting information to identify IT-related risk, a risk practitioner should FIRST ...
- Q5. The risk to an organization's reputation due to a recent cybersecurity breach is PRIMARILY...
- Q6. What should a risk practitioner do FIRST when vulnerability assessment results identify a ...
- Q7. When creating a separate IT risk register for a large organization, which of the following...
- Q8. Which of the following should an organization perform to forecast the effects of a disaste...
- Q9. Who is BEST suited to provide information to the risk practitioner about the effectiveness...
- Q10. If concurrent update transactions to an account are not processed properly, which of the f...
- Q11. Which of the following is the BEST key performance indicator (KPI) to measure the effectiv...
- Q12. Prior to selecting key performance indicators (KPIs), itis MOST important to ensure:...
- Q13. Which of the following is MOST important when conducting a post-implementation review as p...
- Q14. Which of the following approaches BEST identifies information systems control deficiencies...
- Q15. A PRIMARY function of the risk register is to provide supporting information for the devel...
- Q16. Which of the following is the MOST important consideration for prioritizing risk treatment...
- Q17. Which of the following BEST mitigates the risk associated with inadvertent data leakage by...
- Q18. Which of the following is the BEST control to detect an advanced persistent threat (APT)?...
- Q19. A data center has recently been migrated to a jurisdiction where heavy fines will be impos...
- Q20. Which of the following risk activities is BEST facilitated by enterprise architecture (EA)...
- Q21. Which of the following is the FIRST step in risk assessment?...
- Q22. Which of the following is a drawback in the use of quantitative risk analysis?...
- Q23. It is MOST important for a risk practitioner to have an awareness of an organization s pro...
- Q24. What information is MOST helpful to asset owners when classifying organizational assets fo...
- Q25. IT management has asked for a consolidated view into the organization's risk profile to en...
- Q26. Which of the following should be the PRIMARY driver for the prioritization of risk respons...
- Q27. Which of the following will BEST ensure that controls adequately support business goals an...
- Q28. Which of the following is the BEST method for determining an enterprise's current appetite...
- Q29. When an organization's business continuity plan (BCP) states that it cannot afford to lose...
- Q30. An organization allows programmers to change production systems in emergency situations. W...
- Q31. Which of the following will BEST help to ensure implementation of corrective action plans?...
- Q32. Which of the following would be MOST useful when measuring the progress of a risk response...
- Q33. Which of the following is MOST important to ensure risk management practices are effective...
- Q34. Read" rights to application files in a controlled server environment should be approved by...
- Q35. Which of the following is the MOST important consideration when selecting digital signatur...
- Q36. Which of the following is the BEST approach to use when creating a comprehensive set of IT...
- Q37. Which of the following is the PRIMARY purpose of periodically reviewing an organization's ...
- Q38. Which of the following is the BEST control for a large organization to implement to effect...
- Q39. Which of the following is an IT business owner's BEST course of action following an unexpe...
- Q40. Which of the following is MOST important for an organization that wants to reduce IT opera...
- Q41. Which of the following is the BEST indicator of the effectiveness of a control monitoring ...
- Q42. The PRIMARY purpose of a maturity model is to compare the:...
- Q43. Which of the following presents the GREATEST security risk associated with Internet of Thi...
- Q44. Which of the following would MOST likely drive the need to review and update key performan...
- Q45. A segregation of duties control was found to be ineffective because it did not account for...
- Q46. Who is PRIMARILY accountable for risk treatment decisions?...
- Q47. An organization has just started accepting credit card payments from customers via the cor...
- Q48. An organization has determined a risk scenario is outside the defined risk tolerance level...
- Q49. A systems interruption has been traced to a personal USB device plugged into the corporate...
- Q50. Which of the following is BEST used to aggregate data from multiple systems to identify ab...
- Q51. Which of the following is the PRIMARY objective for automating controls?...
- Q52. Which of the following poses the GREATEST risk to an organization's operations during a ma...
- Q53. A business unit is updating a risk register with assessment results for a key project. Whi...
- Q54. Following a significant change to a business process, a risk practitioner believes the ass...
- Q55. Which of the following approaches will BEST help to ensure the effectiveness of risk aware...
- Q56. Which of the following should be the FIRST course of action if the risk associated with a ...
- Q57. Which of the following BEST enables the development of a successful IT strategy focused on...
- Q58. During an IT department reorganization, the manager of a risk mitigation action plan was r...
- Q59. The PRIMARY purpose of IT control status reporting is to:...
- Q60. Which of the following emerging technologies is frequently used for botnet distributed den...
- Q61. Which of the following is MOST important when considering risk in an enterprise risk manag...
- Q62. Which of the following should be a risk practitioner's NEXT step upon learning the impact ...
- Q63. Which of the following proposed benefits is MOST likely to influence senior management app...
- Q64. In the three lines of defense model, a PRIMARY objective of the second line is to:...
- Q65. An organization has four different projects competing for funding to reduce overall IT ris...
- Q66. Which of the following is MOST likely to be impacted as a result of a new policy which all...
- Q67. Which of the following actions should a risk practitioner do NEXT when an increased indust...
- Q68. Which of the following is a specific concern related to machine learning algorithms?...
- Q69. Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?...
- Q70. A financial institution has identified high risk of fraud in several business applications...
- Q71. Which of the following would present the GREATEST challenge when assigning accountability ...
- Q72. Which of the following is MOST important when developing key risk indicators (KRIs)?...
- Q73. Which of the following should be the GREATEST concern for an organization that uses open s...
- Q74. An organization is concerned that a change in its market situation may impact the current ...
- Q75. An organization learns of a new ransomware attack affecting organizations worldwide. Which...
- Q76. Which of the following would be a risk practitioner's GREATEST concern related to the moni...
- Q77. Management has required information security awareness training to reduce the risk associa...
- Q78. Which of the following is the PRIMARY benefit of integrating risk and security requirement...
- Q79. Which of the following is MOST important to the effective monitoring of key risk indicator...
- Q80. Which of the following BEST informs decision-makers about the value of a notice and consen...
- Q81. A risk practitioner has learned that an effort to implement a risk mitigation action plan ...
- Q82. Which of the following events is MOST likely to trigger the need to conduct a risk assessm...
- Q83. Which of the following should be the starting point when performing a risk analysis for an...
- Q84. Which of the following risk register elements is MOST likely to be updated if the attack s...
- Q85. In order to determining a risk is under-controlled the risk practitioner will need to...
- Q86. Which of the following is the BEST way to ensure adequate resources will be allocated to m...
- Q87. Senior management is deciding whether to share confidential data with the organization's b...
- Q88. Which of the following will be MOST effective in uniquely identifying the originator of el...
- Q89. Which of the following would be a risk practitioner's BEST course of action when a project...
- Q90. Which of the following will BEST help to ensure the continued effectiveness of the IT risk...
- Q91. Which of the following BEST enables an organization to determine whether external emerging...
- Q92. Which of the following should be the PRIMARY focus of an IT risk awareness program?...
- Q93. Who is responsible for IT security controls that are outsourced to an external service pro...
- Q94. Which of the following would BEST help to ensure that identified risk is efficiently manag...
- Q95. Which of the following is the BEST way to determine the potential organizational impact of...
- Q96. Which of the following is the MOST important consideration when implementing ethical remot...
- Q97. Which of the following BEST protects organizational data within a production cloud environ...
- Q98. Which of the following should be the risk practitioner s PRIMARY focus when determining wh...
- Q99. A hospital recently implemented a new technology to allow virtual patient appointments. Wh...
- Q100. Accountability for a particular risk is BEST represented in a:...
- Q101. When of the following 15 MOST important when developing a business case for a proposed sec...
- Q102. Which of the following would be a weakness in procedures for controlling the migration of ...
- Q103. An organization's risk tolerance should be defined and approved by which of the following?...
- Q104. Which of the following would present the GREATEST challenge for a risk practitioner during...
- Q105. A risk practitioner is reviewing accountability assignments for data risk in the risk regi...
- Q106. Which of the following is MOST important for the organization to consider before implement...
- Q107. Which of the following BEST indicates the condition of a risk management program?...
- Q108. Which of the following can be interpreted from a single data point on a risk heat map?...
- Q109. A control owner has completed a year-long project To strengthen existing controls. It is M...
- Q110. Which of The following should be of GREATEST concern for an organization considering the a...
- Q111. Mapping open risk issues to an enterprise risk heat map BEST facilitates:...
- Q112. Which of the following should be of MOST concern to a risk practitioner reviewing the syst...
- Q113. Which of the following is the MOST important benefit of implementing a data classification...
- Q114. A risk practitioner recently discovered that sensitive data from the production environmen...
- Q115. Which of the following would provide the MOST helpful input to develop risk scenarios asso...
- Q116. Which of the following is the MOST important element of a successful risk awareness traini...
- Q117. Which of the following is the BEST way to determine the value of information assets for ri...
- Q118. Which of the following is the PRIMARY reason to establish the root cause of an IT security...
- Q119. Which of the following presents the GREATEST challenge for an IT risk practitioner who wan...
- Q120. Which of the following provides the BEST measurement of an organization's risk management ...
- Q121. An organization has identified the need to implement an asset tiering model to establish t...
- Q122. Which of the following would be the GREATEST concern related to data privacy when implemen...
- Q123. Which of the following will BEST ensure that information security risk factors are mitigat...
- Q124. Which of the following would be MOST beneficial as a key risk indicator (KRI)?...
- Q125. Which of the following is MOST helpful to management when determining the resources needed...
- Q126. An organization has decided to implement an emerging technology and incorporate the new ca...
- Q127. Which of the following is the BEST way to quantify the likelihood of risk materialization?...
- Q128. An organization's IT team has proposed the adoption of cloud computing as a cost-saving me...
- Q129. An organization is participating in an industry benchmarking study that involves providing...
- Q130. In an organization where each division manages risk independently, which of the following ...
- Q131. From a business perspective, which of the following is the MOST important objective of a d...
- Q132. Which of the following BEST enables a proactive approach to minimizing the potential impac...
- Q133. Which of the following BEST prevents control gaps in the Zero Trust model when implementin...
- Q134. Which of the following is MOST important to include when reporting the effectiveness of ri...
- Q135. Which of the following will BEST support management repotting on risk?...
- Q136. Which of the following is the BEST evidence that risk management is driving business decis...
- Q137. What is the BEST approach for determining the inherent risk of a scenario when the actual ...
- Q138. Which of the following is MOST critical to the design of relevant risk scenarios?...
- Q139. To help ensure all applicable risk scenarios are incorporated into the risk register, it i...
- Q140. Which of the following is MOST important for a risk practitioner to confirm once a risk ac...
- Q141. When confirming whether implemented controls are operating effectively, which of the follo...
- Q142. Which of the following will MOST improve stakeholders' understanding of the effect of a po...
- Q143. When of the following provides the MOST tenable evidence that a business process control i...
- Q144. What is the PRIMARY reason an organization should include background checks on roles with ...
- Q145. An organization has engaged a third party to provide an Internet gateway encryption servic...
- Q146. What is the PRIMARY benefit of risk monitoring?...
- Q147. Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk re...
- Q148. An IT license audit has revealed that there are several unlicensed copies of co be to:...
- Q149. An organization's internal audit department is considering the implementation of robotics ...
- Q150. Which of the following BEST contributes to the implementation of an effective risk respons...
- Q151. Which of the following scenarios presents the GREATEST risk for a global organization when...
- Q152. A risk practitioner has collaborated with subject matter experts from the IT department to...
- Q153. Which of the following is the GREATEST concern when using artificial intelligence (AI) lan...
- Q154. The operational risk associated with attacks on a web application should be owned by the i...
- Q155. Which of the following is the PRIMARY consideration when establishing an organization's ri...
- Q156. A bank is experiencing an increasing incidence of customer identity theft. Which of the fo...
- Q157. Which of the following is the MOST important component in a risk treatment plan?...
- Q158. A data processing center operates in a jurisdiction where new regulations have significant...
- Q159. A risk practitioner notices that a particular key risk indicator (KRI) has remained below ...
- Q160. Which of the following is the GREATEST impact of implementing a risk mitigation strategy?...
- Q161. Which of the following is a risk practitioner's MOST important responsibility in managing ...
- Q162. Which of the following provides the BEST evidence that risk mitigation plans have been imp...
- Q163. Several newly identified risk scenarios are being integrated into an organization's risk r...
- Q164. Which of the following BEST indicates effective information security incident management?...
- Q165. Which of the following roles would provide the MOST important input when identifying IT ri...
- Q166. Which of the following is MOST helpful in aligning IT risk with business objectives?...
- Q167. A risk practitioner has been asked to evaluate the adoption of a third-party blockchain in...
- Q168. A risk register BEST facilitates which of the following risk management functions?...
- Q169. Which of the following would MOST likely cause management to unknowingly accept excessive ...
- Q170. An organization requires a third party for processing customer personal data. Which of the...
- Q171. Which of the following is a PRIMARY benefit of engaging the risk owner during the risk ass...
- Q172. A key risk indicator (KRI) is reported to senior management on a periodic basis as exceedi...
- Q173. Which of the following is the MOST important enabler of effective risk management?...
- Q174. Which of the following is the MOST important criteria for selecting key risk indicators (K...
- Q175. An organization has operations in a location that regularly experiences severe weather eve...
- Q176. A poster has been displayed in a data center that reads. "Anyone caught taking photographs...
- Q177. The BEST metric to monitor the risk associated with changes deployed to production is the ...
- Q178. Which of the following will BEST help an organization select a recovery strategy for criti...
- Q179. Determining if organizational risk is tolerable requires:...
- Q180. The MOST significant benefit of using a consistent risk ranking methodology across an orga...
- Q181. Which of the following BEST enables senior management lo compare the ratings of risk scena...
- Q182. A risk assessment has been completed on an application and reported to the application own...
- Q183. Legal and regulatory risk associated with business conducted over the Internet is driven b...
- Q184. An organization is subject to a new regulation that requires nearly real-time recovery of ...
- Q185. Which of the following is the MOST important objective of an enterprise risk management (E...
- Q186. Which of the following is the GREATEST risk associated with inappropriate classification o...
- Q187. An organization has decided to commit to a business activity with the knowledge that the r...
- Q188. Which of the following is the result of a realized risk scenario?...
- Q189. An organization has made a decision to purchase a new IT system. During when phase of the ...
- Q190. Which of the following is the MOST important reason to link an effective key control indic...
- Q191. An organization wants to grant remote access to a system containing sensitive data to an o...
- Q192. Which of the following is the BEST course of action when an organization wants to reduce l...
- Q193. Which of the following methods would BEST contribute to identifying obscure risk scenarios...
- Q194. Which of the following should be done FIRST when information is no longer required to supp...
- Q195. Which of the following BEST supports the communication of risk assessment results to stake...
- Q196. The PRIMARY benefit associated with key risk indicators (KRls) is that they:...
- Q197. A multinational organization is considering implementing standard background checks to' al...
- Q198. Which of the following will BEST help ensure that risk factors identified during an inform...
- Q199. Which of the following is MOST important when determining risk appetite?...
- Q200. Which of the following BEST facilitates the mitigation of identified gaps between current ...
- Q201. After conducting a risk assessment for regulatory compliance, an organization has identifi...
- Q202. The MOST important reason to aggregate results from multiple risk assessments on interdepe...
- Q203. The PRIMARY reason for establishing various Threshold levels for a set of key risk indicat...
- Q204. The MOST important reason to monitor key risk indicators (KRIs) is to help management:...
- Q205. A control owner identifies that the organization's shared drive contains personally identi...
- Q206. Which of the following scenarios is MOST important to communicate to senior management?...
- Q207. Which of the following is the MOST critical element to maximize the potential for a succes...
- Q208. Which of the following is MOST helpful when determining whether a system security control ...
- Q209. Which of the following is the MOST useful information an organization can obtain from exte...
- Q210. Which of the following is the PRIMARY accountability for a control owner?...
- Q211. Which of the following should management consider when selecting a risk mitigation option?...
- Q212. Which of the following is necessary to enable an IT risk register to be consolidated with ...
- Q213. A risk action plan has been changed during the risk mitigation effort. Which of the follow...
- Q214. Which of the following BEST represents a critical threshold value for a key control indica...
- Q215. Which of the following BEST assists in justifying an investment in automated controls?...
- Q216. The PRIMARY basis for selecting a security control is:...
- Q217. What should be the PRIMARY objective for a risk practitioner performing a post-implementat...
- Q218. Who should be PRIMARILY responsible for establishing an organization's IT risk culture?...
- Q219. Who is the BEST person to the employee personal data?...
- Q220. Which of the following risk register updates is MOST important for senior management to re...
- Q221. A risk practitioner notices a risk scenario associated with data loss at the organization'...
- Q222. Which of the following will BEST mitigate the risk associated with IT and business misalig...
- Q223. Which organization is implementing a project to automate the purchasing process, including...
- Q224. Several network user accounts were recently created without the required management approv...
- Q225. Which of the following provides the BEST assurance of the effectiveness of vendor security...
- Q226. Which of the following practices MOST effectively safeguards the processing of personal da...
- Q227. Which of the following is the PRIMARY reason for logging in a production database environm...
- Q228. A risk owner has identified a risk with high impact and very low likelihood. The potential...
- Q229. The implementation of a risk treatment plan will exceed the resources originally allocated...
- Q230. The percentage of unpatched systems is a:
- Q231. Which of the following should be the PRIMARY goal of developing information security metri...
- Q232. Which of the following is the GREATEST benefit for an organization with a strong risk awar...
- Q233. What are the MOST important criteria to consider when developing a data classification sch...
- Q234. Which component of a software inventory BEST enables the identification and mitigation of ...
- Q235. Which of the following is MOST important to communicate to senior management during the in...
- Q236. An organization recently experienced a cyber attack that resulted in the loss of confident...
- Q237. Which of the following BEST helps to balance the costs and benefits of managing IT risk?...
- Q238. Which of the following is MOST helpful in identifying gaps between the current and desired...
- Q239. To minimize risk in a software development project, when is the BEST time to conduct a ris...
- Q240. Which of the following is the MOST important key performance indicator (KPI) for monitorin...
- Q241. Which of the following is the BEST key performance indicator (KPI) for determining how wel...
- Q242. Print jobs containing confidential information are sent to a shared network printer locate...
- Q243. Which of the following is the BEST approach for selecting controls to minimize risk?...
- Q244. Which of the following outcomes of disaster recovery planning is MOST important to enable ...
- Q245. When assessing the maturity level of an organization's risk management framework, which of...
- Q246. An organization has restructured its business processes, and the business continuity plan ...
- Q247. When classifying and prioritizing risk responses, the areas to address FIRST are those wit...
- Q248. The BEST way to mitigate the high cost of retrieving electronic evidence associated with p...
- Q249. Which of the following would present the MOST significant risk to an organization when upd...
- Q250. Which of the following can be used to assign a monetary value to risk?...
- Q251. A company has located its computer center on a moderate earthquake fault. Which of the fol...
- Q252. The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:...
- Q253. For a large software development project, risk assessments are MOST effective when perform...
- Q254. Which of the following is the BEST way to determine whether new controls mitigate security...
- Q255. Which of the following BEST enables risk-based decision making in support of a business co...
- Q256. A global organization is considering the acquisition of a competitor. Senior management ha...
- Q257. Which of the following is the STRONGEST indication an organization has ethics management i...
- Q258. The MAIN purpose of having a documented risk profile is to:...
- Q259. Which of the following is the MOST important consideration when selecting key risk indicat...
- Q260. A control owner responsible for the access management process has developed a machine lear...
- Q261. Which of the following IT controls is MOST useful in mitigating the risk associated with i...
- Q262. Which of the following is the BEST way to promote adherence to the risk tolerance level se...
- Q263. An organization has outsourced its billing function to an external service provider. Who s...
- Q264. Which of the following is MOST important to include in a risk assessment of an emerging te...
- Q265. The objective of aligning mitigating controls to risk appetite is to ensure that:...
- Q266. Which of the following MUST be assessed before considering risk treatment options for a sc...
- Q267. After several security incidents resulting in significant financial losses, IT management ...
- Q268. Sensitive data has been lost after an employee inadvertently removed a file from the premi...
- Q269. The PRIMARY advantage of involving end users in continuity planning is that they:...
- Q270. An identified high probability risk scenario involving a critical, proprietary business fu...
- Q271. A MAJOR advantage of using key risk indicators (KRis) is that (hey...
- Q272. Which of the following is the BEST course of action to reduce risk impact?...
- Q273. Who should be responsible for approving the cost of controls to be implemented for mitigat...
- Q274. Which of the following attributes of a key risk indicator (KRI) is MOST important?...
- Q275. Which of the following is MOST important to review when evaluating the ongoing effectivene...
- Q276. Which of the following is the MOST cost-effective way to test a business continuity plan?...
- Q277. Which of the following is MOST important to ensure when continuously monitoring the perfor...
- Q278. What is the GREATEST concern with maintaining decentralized risk registers instead of a co...
- Q279. Where is the FIRST place a risk practitioner should look to identify accountability for a ...
- Q280. Which of the following BEST enables effective risk-based decision making?...
- Q281. Which of the following is a detective control?...
- Q282. Which of the following would provide executive management with the BEST information to mak...
- Q283. Which of the following controls will BEST detect unauthorized modification of data by a da...
- Q284. During testing, a risk practitioner finds the IT department's recovery time objective (RTO...
- Q285. The BEST way to improve a risk register is to ensure the register:...
- Q286. A monthly payment report is generated from the enterprise resource planning (ERP) software...
- Q287. Which of We following is the MOST effective control to address the risk associated with co...
- Q288. During the control evaluation phase of a risk assessment, it is noted that multiple contro...
- Q289. Which of the following is the BEST method to maintain a common view of IT risk within an o...
- Q290. Which of the following methods is an example of risk mitigation?...
- Q291. When reporting to senior management on changes in trends related to IT risk, which of the ...
- Q292. Which of the following is the BEST method to identify unnecessary controls?...
- Q293. An organization has opened a subsidiary in a foreign country. Which of the following would...
- Q294. Which of the following criteria is MOST important when developing a response to an attack ...
- Q295. Which of the following is the MOST important course of action for a risk practitioner when...
- Q296. An information system for a key business operation is being moved from an in-house applica...
- Q297. Which of the following BEST mitigates the risk of violating privacy laws when transferring...
- Q298. Which of the following is the BEST way to determine software license compliance?...
- Q299. Which of the following provides the MOST useful information for developing key risk indica...
- Q300. A review of an organization s controls has determined its data loss prevention {DLP) syste...
- Q301. Which of the following would be the BEST way to help ensure the effectiveness of a data lo...
- Q302. When using a third party to perform penetration testing, which of the following is the MOS...
- Q303. Which of the following is the BEST recommendation to address recent IT risk trends that in...
- Q304. Whose risk tolerance matters MOST when making a risk decision?...
- Q305. An organization with a large number of applications wants to establish a security risk ass...
- Q306. An organization operates in an environment where reduced time-to-market for new software p...
- Q307. Quantifying the value of a single asset helps the organization to understand the:...
- Q308. Which of the following would be a risk practitioners' BEST recommendation for preventing c...
- Q309. Which of the following is the BEST way to reduce the likelihood of an individual performin...
- Q310. The PRIMARY benefit of classifying information assets is that it helps to:...
- Q311. Which of the following is the MOST essential characteristic of a good IT risk scenario?...
- Q312. Which of the following risk impacts should be the PRIMARY consideration for determining re...
- Q313. Which of the following provides the MOST important information to facilitate a risk respon...
- Q314. Which of me following is MOST helpful to mitigate the risk associated with an application ...
- Q315. A risk assessment indicates the residual risk associated with a new bring your own device ...
- Q316. Which of the following is the FIRST step when developing a business case to drive the adop...
- Q317. Analyzing trends in key control indicators (KCIs) BEST enables a risk practitioner to proa...
- Q318. Which of the following is the PRIMARY reason for an organization to include an acceptable ...
- Q319. Which of the following observations from a third-party service provider review would be of...
- Q320. Which of the following is MOST important to the effectiveness of key performance indicator...
- Q321. The purpose of requiring source code escrow in a contractual agreement is to:...
- Q322. Upon learning that the number of failed back-up attempts continually exceeds the current r...
- Q323. Which of the following provides the MOST helpful information in identifying risk in an org...
- Q324. Which of the following should be the PRIMARY input to determine risk tolerance?...
- Q325. A global organization is planning to collect customer behavior data through social media a...
- Q326. Who should be responsible for determining which stakeholders need to be involved in the de...
- Q327. Which of the following is the BEST key control indicator (KCI) for a vulnerability managem...
- Q328. Which of the following is the BEST way to help ensure risk will be managed properly after ...
- Q329. Which of the following is a KEY responsibility of the second line of defense?...
- Q330. An organization has experienced a cyber-attack that exposed customer personally identifiab...
- Q331. Which of the following is the BEST course of action to help reduce the probability of an i...
- Q332. Which of the following provides the MOST useful information to trace the impact of aggrega...
- Q333. An organization has outsourced its IT security operations to a third party. Who is ULTIMAT...
- Q334. Which of the following will BEST communicate the importance of risk mitigation initiatives...
- Q335. Which of the following is the PRIMARY benefit of consistently recording risk assessment re...
- Q336. Which of the following is the BEST indication that key risk indicators (KRIs) should be re...
- Q337. To communicate the risk associated with IT in business terms, which of the following MUST ...
- Q338. The MOST important objective of information security controls is to:...
- Q339. Which of the following is the MOST useful input when developing risk scenarios?...
- Q340. When documenting a risk response, which of the following provides the STRONGEST evidence t...
- Q341. An enterprise has taken delivery of software patches that address vulnerabilities in its c...
- Q342. A risk practitioner is organizing risk awareness training for senior management. Which of ...
- Q343. Which of The following is the MOST comprehensive input to the risk assessment process spec...
- Q344. Which of the following situations presents the GREATEST challenge to creating a comprehens...
- Q345. A risk practitioner is preparing a report to communicate changes in the risk and control e...
- Q346. A risk practitioner is reviewing a vendor contract and finds there is no clause to control...
- Q347. A recent vulnerability assessment of a web-facing application revealed several weaknesses....
- Q348. Which of the following is MOST important to the successful development of IT risk scenario...
- Q349. A deficient control has been identified which could result in great harm to an organizatio...
- Q350. Which of the following controls would BEST reduce the risk of account compromise?...
- Q351. Which of the following methods is the BEST way to measure the effectiveness of automated i...
- Q352. Which of the following is a risk practitioner's BEST course of action after identifying ri...
- Q353. An organization is making significant changes to an application. At what point should the ...
- Q354. The BEST way for management to validate whether risk response activities have been complet...
- Q355. A risk practitioner is summarizing the results of a high-profile risk assessment sponsored...
- Q356. During the control evaluation phase of a risk assessment, it is noted that multiple contro...
- Q357. Which of the following BEST enables an organization to address new risk associated with an...
- Q358. Which of the following is the FIRST step in managing the risk associated with the leakage ...
- Q359. Which of the following is MOST important to identify when developing generic risk scenario...
- Q360. Which of the following provides the MOST reliable evidence of a control's effectiveness?...
- Q361. Which of the following should a risk practitioner do FIRST when an organization decides to...
- Q362. Which of the following is the BEST metric to demonstrate the effectiveness of an organizat...
- Q363. Which of the following is the BEST way to protect sensitive data from administrators withi...
- Q364. The following is the snapshot of a recently approved IT risk register maintained by an org...
- Q365. Which of the following should a risk practitioner recommend FIRST when an increasing trend...
- Q366. An organization recently implemented a cybersecurity awareness program that includes phish...
- Q367. Which of the following would be of MOST concern to a risk practitioner reviewing risk acti...
- Q368. The BEST key performance indicator (KPI) to measure the effectiveness of a backup process ...
- Q369. An unauthorized individual has socially engineered entry into an organization's secured ph...
- Q370. Which of the following scenarios is MOST likely to cause a risk practitioner to request a ...
- Q371. An organization has been experiencing an increasing number of spear phishing attacks Which...
- Q372. An audit reveals that there are changes in the environment that are not reflected in the r...
- Q373. Which of the following is MOST important for an organization to update following a change ...
- Q374. Which of the following BEST facilities the alignment of IT risk management with enterprise...
- Q375. During an acquisition, which of the following would provide the MOST useful input to the p...
- Q376. Which of the following is MOST important to understand when determining an appropriate ris...
- Q377. An organization is moving its critical assets to the cloud. Which of the following is the ...
- Q378. Who should be responsible for strategic decisions on risk management?...
- Q379. Which of the following is the BEST reason to use qualitative measures to express residual ...
- Q380. After the announcement of a new IT regulatory requirement, it is MOST important for a risk...
- Q381. Which of the following is MOST essential for an effective change control environment?...
- Q382. An organization has provided legal text explaining the rights and expected behavior of use...
- Q383. A risk practitioner has observed that there is an increasing trend of users sending sensit...
- Q384. Which of the following is the PRIMARY reason to use key control indicators (KCIs) to evalu...
- Q385. An organizational policy requires critical security patches to be deployed in production w...
- Q386. Which of the following is the MOST important data attribute of key risk indicators (KRIs)?...
- Q387. Which of the following is the BEST key control indicator (KCI) for risk related to IT infr...
- Q388. Which of the following provides the MOST useful information to determine risk exposure fol...
- Q389. Which of the following would BEST help secure online financial transactions from improper ...
- Q390. The BEST indicator of the risk appetite of an organization is the...
- Q391. The MOST important measure of the effectiveness of risk management in project implementati...
- Q392. Which of the following is MOST important for mitigating ethical risk when establishing acc...
- Q393. Reviewing which of the following BEST helps an organization gam insight into its overall r...
- Q394. Which of the following is the BEST way to assess the effectiveness of an access management...
- Q395. The PRIMARY reason a risk practitioner would be interested in an internal audit report is ...
- Q396. Which of the following approaches to bring your own device (BYOD) service delivery provide...
- Q397. Which of the following stakeholders are typically included as part of a line of defense wi...
- Q398. An organization has outsourced a critical process involving highly regulated data to a thi...
- Q399. An IT risk practitioner is evaluating an organization's change management controls over th...
- Q400. An organization's business gap analysis reveals the need for a robust IT risk strategy. Wh...
- Q401. An organization wants to transfer risk by purchasing cyber insurance. Which of the followi...
- Q402. When reviewing a business continuity plan (BCP). which of the following would be the MOST ...
- Q403. Which of the following would BEST facilitate the implementation of data classification req...
- Q404. Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresh...
- Q405. An organization has detected unauthorized logins to its client database servers. Which of ...
- Q406. Key control indicators (KCls) help to assess the effectiveness of the internal control env...
- Q407. A risk practitioner is MOST likely to use a SWOT analysis to assist with which risk proces...
- Q408. Which of the following is MOST important when discussing risk within an organization?...
- Q409. In which of the following system development life cycle (SDLC) phases should controls be i...
- Q410. During implementation of an intrusion detection system (IDS) to monitor network traffic, a...
- Q411. Which of the following describes the relationship between risk appetite and risk tolerance...
- Q412. Which of the following should be of GREATEST concern when reviewing the results of an inde...
- Q413. An IT control gap has been identified in a key process. Who would be the MOST appropriate ...
- Q414. Which of the following, who should be PRIMARILY responsible for performing user entitlemen...
- Q415. Which of the following would be of GREATEST assistance when justifying investment in risk ...
- Q416. Which of the following would BEST help an enterprise prioritize risk scenarios?...
- Q417. An organization striving to be on the leading edge in regard to risk monitoring would MOST...
- Q418. Of the following, whose input is ESSENTIAL when developing risk scenarios for the implemen...
- Q419. Which of the following provides the MOST reliable evidence to support conclusions after co...
- Q420. Which of the following is the PRIMARY objective of aggregating the impact of IT risk scena...
- Q421. Which of the following will BEST support management reporting on risk?...
- Q422. Which of the following is the GREATEST concern associated with business end users developi...
- Q423. Which of the following is the MOST important step to ensure regulatory requirements are ad...
- Q424. The risk associated with inadvertent disclosure of database records from a public cloud se...
- Q425. Whether the results of risk analyses should be presented in quantitative or qualitative te...
- Q426. Which of the following is the GREATEST benefit when enterprise risk management (ERM) provi...
- Q427. Which of the following should be the risk practitioner s FIRST course of action when an or...
- Q428. Which of the following is MOST important to consider when determining the value of an asse...
- Q429. A risk practitioner's BEST guidance to help an organization develop relevant risk scenario...
- Q430. Which of the following is MOST important to review when an organization needs to transitio...
- Q431. Which of the following is the MOST appropriate action when a tolerance threshold is exceed...
- Q432. Which of the following is the GREATEST concern when using a generic set of IT risk scenari...
- Q433. During a risk assessment, the risk practitioner finds a new risk scenario without controls...
- Q434. Which of the following should be the GREATEST concern to a risk practitioner when process ...
- Q435. An organization has been made aware of a newly discovered critical vulnerability in a regu...
- Q436. When developing a risk awareness training program, which of the following training topics ...
- Q437. What would be MOST helpful to ensuring the effective implementation of a new cybersecurity...
- Q438. What should be the PRIMARY consideration related to data privacy protection when there are...
- Q439. Mitigating technology risk to acceptable levels should be based PRIMARILY upon:...
- Q440. A large organization is replacing its enterprise resource planning (ERP) system and has de...
- Q441. For no apparent reason, the time required to complete daily processing for a legacy applic...
- Q442. Which of the following is the MOST important update for keeping the risk register current?...
- Q443. An organization is implementing robotic process automation (RPA) to streamline business pr...
- Q444. Which of the following practices BEST mitigates risk related to enterprise-wide ethical de...
- Q445. An organization has established a contract with a vendor that includes penalties for loss ...
- Q446. Which of the following is the MOST effective way for a large and diversified organization ...
- Q447. An organization uses one centralized single sign-on (SSO) control to cover many applicatio...
- Q448. A risk practitioner has identified that the organization's secondary data center does not ...
- Q449. Which of the following is the GREATEST concern related to the monitoring of key risk indic...
- Q450. The BEST way to validate that a risk treatment plan has been implemented effectively is by...
- Q451. The maturity of an IT risk management program is MOST influenced by:...
- Q452. Which of the following issues found during the review of a newly created disaster recovery...
- Q453. A newly incorporated enterprise needs to secure its information assets From a governance p...
- Q454. Which of the following is the MOST important consideration when prioritizing risk response...
- Q455. An information security audit identified a risk resulting from the failure of an automated...
- Q456. A risk assessment has revealed that the probability of a successful cybersecurity attack i...
- Q457. Which of the following management actions will MOST likely change the likelihood rating of...
- Q458. Which of the following BEST indicates whether security awareness training is effective?...
- Q459. Management has noticed storage costs have increased exponentially over the last 10 years b...
- Q460. Which of the following provides the MOST useful information when developing a risk profile...
- Q461. Which of the following controls would BEST reduce the likelihood of a successful network a...
- Q462. Following an acquisition, the acquiring company's risk practitioner has been asked to upda...
- Q463. Which of the following is the PRIMARY reason to ensure policies and standards are properly...
- Q464. Which of the following would MOST effectively reduce risk associated with an increase of o...
- Q465. During a risk treatment plan review, a risk practitioner finds the approved risk action pl...
- Q466. Before assigning sensitivity levels to information it is MOST important to:...
- Q467. The PRIMARY objective of the board of directors periodically reviewing the risk profile is...
- Q468. Which of the following should be management's PRIMARY consideration when approving risk re...
- Q469. Which of the following would be the BEST justification to invest in the development of a g...
- Q470. An organization's decision to remain noncompliant with certain laws or regulations is MOST...
- Q471. Which of the following is the PRIMARY objective of a risk awareness program?...
- Q472. Which of the following is the MOST important consideration when determining whether to acc...
- Q473. Which of the following criteria for assigning owners to IT risk scenarios provides the GRE...
- Q474. Which of the following is the PRIMARY factor in determining a recovery time objective (RTO...
- Q475. When determining the accuracy of a key risk indicator (KRI), it is MOST important that the...
- Q476. Which of the following is MOST important for developing effective key risk indicators (KRI...
- Q477. After a risk has been identified, who is in the BEST position to select the appropriate ri...
- Q478. Which of the following is MOST important for a risk practitioner to verify when evaluating...
- Q479. Which of the following is the GREATEST concern when an organization uses a managed securit...
- Q480. An organization has decided to postpone the assessment and treatment of several risk scena...
- Q481. An organization has built up its cash reserves and has now become financially able to supp...
- Q482. An incentive program is MOST likely implemented to manage the risk associated with loss of...
- Q483. Which of the following is the MOST important consideration for the board and senior leader...
- Q484. The PRIMARY objective of collecting information and reviewing documentation when performin...
- Q485. An internal audit report reveals that not all IT application databases have encryption in ...
- Q486. Which of the following is the MOST important information to cover a business continuity aw...
- Q487. Which of the following should be the PRIMARY focus of a disaster recovery management (DRM)...
- Q488. Which of the following techniques would be used during a risk assessment to demonstrate to...
- Q489. The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:...
- Q490. Which of the following is the BEST source for identifying key control indicators (KCIs)?...
- Q491. Which of the following provides The MOST useful information when determining a risk manage...
- Q492. Which of the following findings of a security awareness program assessment would cause the...
- Q493. Which of the following is the MOST effective control to maintain the integrity of system c...
- Q494. Which of the following is MOST useful for measuring the existing risk management process a...
- Q495. Which of the following should be accountable for ensuring that media containing financial ...
- Q496. Which of the following would BEST enable mitigation of newly identified risk factors relat...
- Q497. Which of the following is the MOST important consideration for protecting data assets m a ...
- Q498. Risk acceptance of an exception to a security control would MOST likely be justified when:...
- Q499. Which of the following should be the PRIMARY basis for deciding whether to disclose inform...
- Q500. Which of the following is a crucial component of a key risk indicator (KRI) to ensure appr...
- Q501. Which of the following would BEST help minimize the risk associated with social engineerin...
- Q502. An organization's Internet-facing server was successfully attacked because the server did ...
- Q503. Which of the following is the MOST effective way to help ensure accountability for managin...
- Q504. Which of the following should be the PRIMARY consideration when implementing controls for ...
- Q505. An organization is implementing encryption for data at rest to reduce the risk associated ...
- Q506. An organization has established a single enterprise-wide risk register that records high-l...
- Q507. A recent regulatory requirement has the potential to affect an organization's use of a thi...
- Q508. Which of the following is the MOST important consideration when developing risk strategies...
- Q509. Within the three lines of defense model, the PRIMARY responsibility for ensuring risk miti...
- Q510. Which of the following should be of MOST concern to a risk practitioner reviewing an organ...
- Q511. Which of the following would BEST mitigate the ongoing risk associated with operating syst...
- Q512. Which of the following is the PRIMARY reason for a risk practitioner to review an organiza...
- Q513. Which of the following is the MOST important objective of establishing an enterprise risk ...
- Q514. Which of the following is MOST appropriate to prevent unauthorized retrieval of confidenti...
- Q515. A department allows multiple users to perform maintenance on a system using a single set o...
- Q516. Which of the following is performed after a risk assessment is completed?...
- Q517. A risk practitioner shares the results of a vulnerability assessment for a critical busine...
- Q518. A bank recently incorporated Blockchain technology with the potential to impact known risk...
- Q519. Which of the following observations would be GREATEST concern to a risk practitioner revie...
- Q520. Which of the following is the GREATEST benefit of updating the risk register to include ou...
- Q521. Which of the following would be the BEST way for a risk practitioner to validate the effec...
- Q522. Which of the following is the MOST likely reason an organization would engage an independe...
- Q523. Which of the following IT key risk indicators (KRIs) provides management with the BEST fee...
- Q524. Which of the following is the GREATEST risk associated with the transition of a sensitive ...
- Q525. Which of the following is the MOST effective way to integrate risk and compliance manageme...
- Q526. Risk mitigation is MOST effective when which of the following is optimized?...
- Q527. Which of the following would provide the MOST objective assessment of the effectiveness of...
- Q528. An organization moved its payroll system to a Software as a Service (SaaS) application. A ...
- Q529. Which of the following is the MOST important factor affecting risk management in an organi...
- Q530. Which of the following would be the GREATEST concern for an IT risk practitioner when an e...
- Q531. Of the following, who should be responsible for determining the inherent risk rating of an...
- Q532. Which of the following is MOST important to sustainable development of secure IT services?...
- Q533. Which of the following is MOST important to update when an organization's risk appetite ch...
- Q534. Which of the following provides the MOST comprehensive information when developing a risk ...
- Q535. An organization has agreed to a 99% availability for its online services and will not acce...
- Q536. Which of the following is the MOST effective way to reduce potential losses due to ongoing...
- Q537. Which of the following is the MOST important success factor when introducing risk manageme...
- Q538. An organization's board of directors is concerned about recent data breaches in the news a...
- Q539. Which of the following resources is MOST helpful when creating a manageable set of IT risk...
- Q540. Which of the following is the MOST important consideration when selecting either a qualita...
- Q541. Which of the following trends would cause the GREATEST concern regarding the effectiveness...
- Q542. Which of the following tools is MOST effective in identifying trends in the IT risk profil...
- Q543. Which of the following is the BEST indicator of executive management's support for IT risk...
- Q544. Well-developed, data-driven risk measurements should be:...
- Q545. Which of the following will BEST help to ensure key risk indicators (KRIs) provide value t...
- Q546. A rule-based data loss prevention {DLP) tool has recently been implemented to reduce the r...
- Q547. A risk practitioner observes that the fraud detection controls in an online payment system...
- Q548. An organization is planning to acquire a new financial system. Which of the following stak...
- Q549. Which of the following is the MOST important topic to cover in a risk awareness training p...
- Q550. Which of the following is the PRIMARY reason to perform periodic vendor risk assessments?...
- Q551. The BEST metric to demonstrate that servers are configured securely is the total number of...
- Q552. An organization has recently hired a large number of part-time employees. During the annua...
- Q553. Which of the following is the PRIMARY purpose for ensuring senior management understands t...
- Q554. The PRIMARY reason to have risk owners assigned to entries in the risk register is to ensu...
- Q555. IT stakeholders have asked a risk practitioner for IT risk profile reports associated with...
- Q556. Which of the following BEST indicates the risk appetite and tolerance level (or the risk a...
- Q557. An organization is implementing internet of Things (loT) technology to control temperature...
- Q558. The effectiveness of a control has decreased. What is the MOST likely effect on the associ...
- Q559. Which of the following should be the FIRST step when a company is made aware of new regula...
- Q560. When performing a risk assessment of a new service to support a ewe Business process. whic...
- Q561. An organization plans to migrate sensitive information to a public cloud infrastructure. W...
- Q562. The PRIMARY benefit of conducting continuous monitoring of access controls is the ability ...
- Q563. Which of the following statements in an organization's current risk profile report is caus...
- Q564. While conducting an organization-wide risk assessment, it is noted that many of the inform...
- Q565. Which of the following is the MOST effective way to integrate business risk management wit...
- Q566. Which of the following is the BEST indicator of the effectiveness of IT risk management pr...
- Q567. The acceptance of control costs that exceed risk exposure is MOST likely an example of:...
- Q568. From a risk management perspective, which of the following is the PRIMARY benefit of using...
- Q569. Which of the following provides the BEST evidence of the effectiveness of an organization'...
- Q570. Who is ULTIMATELY accountable for risk treatment?...
- Q571. Which of the following deficiencies identified during a review of an organization's cybers...
- Q572. An application runs a scheduled job that compiles financial data from multiple business sy...
- Q573. An organization must make a choice among multiple options to respond to a risk. The stakeh...
- Q574. An organization has identified that terminated employee accounts are not disabled or delet...
- Q575. An organization's senior management is considering whether to acquire cyber insurance. Whi...
- Q576. Which of the following is the PRIMARY reason for a risk practitioner to report changes and...
- Q577. Which of the following should be the PRIMARY input when designing IT controls?...
- Q578. An organization has experienced several incidents of extended network outages that have ex...
- Q579. A risk practitioner recently discovered that personal information from the production envi...
- Q580. When developing a response plan to address security incidents regarding sensitive data los...
- Q581. Which of the following is the MOST important benefit of reporting risk assessment results ...
- Q582. Which of the following provides the BEST evidence that a selected risk treatment plan is e...
- Q583. The software version of an enterprise's critical business application has reached end-of-l...
- Q584. Which of the following data would be used when performing a business impact analysis (BIA)...
- Q585. The BEST way to obtain senior management support for investment in a control implementatio...
- Q586. Which of the following is the MOST important responsibility of a risk owner?...
- Q587. Which of the following is the PRIMARY reason to update a risk register with risk assessmen...
- Q588. Which of the following would MOST likely cause a risk practitioner to change the likelihoo...
- Q589. Which organizational role should be accountable for ensuring information assets are approp...
- Q590. Vulnerabilities have been detected on an organization's systems. Applications installed on...
- Q591. The design of procedures to prevent fraudulent transactions within an enterprise resource ...
- Q592. Which of the following is a risk practitioner's BEST recommendation to address an organiza...
- Q593. Which of the following is MOST important for a risk practitioner to consider when determin...
- Q594. Reviewing which of the following would provide the MOST useful information when preparing ...
- Q595. Which of the following facilitates a completely independent review of test results for eva...
- Q596. To minimize the risk of a potential acquisition being exposed externally, an organization ...
- Q597. Which of the following roles should be assigned accountability for monitoring risk levels?...
- Q598. Which of the following is the BEST method for assessing control effectiveness against tech...
- Q599. Which of the following should be the PRIMARY consideration when assessing the risk of usin...
- Q600. Which of the following is the MOST effective way to incorporate stakeholder concerns when ...
- Q601. Which of the following statements BEST illustrates the relationship between key performanc...
- Q602. The PRIMARY reason for communicating risk assessment results to data owners is to enable t...
- Q603. Which of the following will BEST help to ensure that information system controls are effec...
- Q604. Which of the following would MOST likely result in updates to an IT risk appetite statemen...
- Q605. Which of the following is the BEST recommendation to senior management when the results of...
- Q606. During the risk assessment of an organization that processes credit cards, a number of exi...
- Q607. Which of the following is the GREATEST risk associated with an environment that lacks docu...
- Q608. Which of the following is the PRIMARY reason for sharing risk assessment reports with seni...
- Q609. Which of the following would provide the BEST guidance when selecting an appropriate risk ...
- Q610. During a post-implementation review for a new system, users voiced concerns about missing ...
- Q611. Which of the following is the MOST important input when developing risk scenarios?...
- Q612. An IT operations team implements disaster recovery controls based on decisions from applic...
- Q613. An internal audit report reveals that a legacy system is no longer supported Which of the ...
- Q614. A business impact analysis (BIA) has documented the duration of maximum allowable outage f...
- Q615. Risk management strategies are PRIMARILY adopted to:...
- Q616. Who is the BEST person to an application system used to process employee personal data?...
- Q617. Which of the following is the MOST important consideration when sharing risk management up...
- Q618. An organization has outsourced its backup and recovery procedures to a third-party cloud p...
- Q619. Which of the following is the MOST common concern associated with outsourcing to a service...
- Q620. Which of the following should be the MAIN consideration when validating an organization's ...
- Q621. Which of the following is the GREATEST benefit of identifying appropriate risk owners?...
- Q622. Which of the following is the BEST response when a potential IT control deficiency has bee...
- Q623. A newly hired risk practitioner finds that the risk register has not been updated in the p...
- Q624. An organization's risk register contains a large volume of risk scenarios that senior mana...
- Q625. An organization planning to transfer and store its customer data with an offshore cloud se...
- Q626. After the review of a risk record, internal audit questioned why the risk was lowered from...
- Q627. Which of the following is the BEST key performance indicator (KPI) for a server patch mana...
- Q628. Which of the following is MOST important to promoting a risk-aware culture?...
- Q629. When establishing an enterprise IT risk management program, it is MOST important to:...
- Q630. Which of the following is the MOST important objective from a cost perspective for conside...
- Q631. Which of the following should a risk practitioner do NEXT after learning that Internet of ...
- Q632. A risk practitioner has determined that a key control does not meet design expectations. W...
- Q633. Which of the following is the MOST important consideration when developing an organization...
- Q634. Which of the following risk management practices BEST facilitates the incorporation of IT ...
- Q635. Which of the following is the MOST important data source for monitoring key risk indicator...
- Q636. What is senior management's role in the RACI model when tasked with reviewing monthly stat...
- Q637. A recent risk workshop has identified risk owners and responses for newly identified risk ...
- Q638. A risk practitioner has just learned about new done FIRST?...
- Q639. Which of the following should be the PRIMARY objective of a risk awareness training progra...
- Q640. A risk practitioner has identified that the agreed recovery time objective (RTO) with a So...
- Q641. Senior management has requested more information regarding the risk associated with introd...
- Q642. Which of the following is MOST important to update following a change in organizational ri...
- Q643. Which of the following is the BEST indicator of an effective IT security awareness program...
- Q644. The MAIN purpose of reviewing a control after implementation is to validate that the contr...
- Q645. Which of the following will help ensure the elective decision-making of an IT risk managem...
- Q646. Which of the following should be determined FIRST when a new security vulnerability is mad...
- Q647. Which of the following is the MOST important requirement for monitoring key risk indicator...
- Q648. Which of the following is BEST measured by key control indicators (KCIs)?...
- Q649. Which of the following should be of GREATEST concern lo a risk practitioner reviewing the ...
- Q650. Which of the following is the MOST important reason to validate that risk responses have b...
- Q651. Which of the following is the BEST way for a risk practitioner to present an annual risk m...
- Q652. An organization is considering adopting artificial intelligence (AI). Which of the followi...
- Q653. The GREATEST concern when maintaining a risk register is that:...
- Q654. Which of the following is MOST important when developing risk scenarios?...
- Q655. After migrating a key financial system to a new provider, it was discovered that a develop...
- Q656. The BEST use of key risk indicators (KRIs) is to provide:...
- Q657. Which of the following is the BEST indication that key risk indicators (KRls) should be re...
- Q658. All business units within an organization have the same risk response plan for creating lo...
- Q659. A risk practitioner discovers several key documents detailing the design of a product curr...
- Q660. Performing a background check on a new employee candidate before hiring is an example of w...
- Q661. Business areas within an organization have engaged various cloud service providers directl...
- Q662. An organization is considering allowing users to access company data from their personal d...
- Q663. An external security audit has reported multiple findings related to control noncompliance...
