NEW QUESTION 1
- (Exam Topic 3)
Which of the following would be a risk practitioner's BEST course of action when a project team has accepted a risk outside the established risk appetite?
A. Reject the risk acceptance and require mitigating controls.
B. Monitor the residual risk level of the accepted risk.
C. Escalate the risk decision to the project sponsor for review.
D. Document the risk decision in the project risk register.
NEW QUESTION 2
- (Exam Topic 3)
Which of the following controls BEST enables an organization to ensure a complete and accurate IT asset inventory?
A. Prohibiting the use of personal devices for business
B. Performing network scanning for unknown devices
C. Requesting an asset list from business owners
D. Documenting asset configuration baselines
NEW QUESTION 3
- (Exam Topic 3)
When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:
A. information risk assessments with enterprise risk assessments.
B. key risk indicators (KRIs) with risk appetite of the business.
C. the control key performance indicators (KPIs) with audit findings.
D. control performance with risk tolerance of business owners.
NEW QUESTION 4
- (Exam Topic 3)
The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:
A. assess gaps in IT risk management operations and strategic focus.
B. confirm that IT risk assessment results are expressed as business impact.
C. verify implemented controls to reduce the likelihood of threat materialization.
D. ensure IT risk management is focused on mitigating potential risk.
NEW QUESTION 5
- (Exam Topic 3)
Which of the following BEST enables an organization to determine whether external emerging risk factors will impact the organization's risk profile?
A. Control identification and mitigation
B. Adoption of a compliance-based approach
C. Prevention and detection techniques
D. Scenario analysis and stress testing
NEW QUESTION 6
- (Exam Topic 3)
Which of the following is the MAIN purpose of monitoring risk?
A. Communication
B. Risk analysis
C. Decision support
D. Benchmarking
NEW QUESTION 7
- (Exam Topic 3)
Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?
A. Internal and external information security incidents
B. The risk department's roles and responsibilities
C. Policy compliance requirements and exceptions process
D. The organization's information security risk profile