When of the following 15 MOST important when developing a business case for a proposed security investment?
The PRIMARY objective of a risk identification process is to:
An organization recently experienced a cyber attack that resulted in the loss of confidential customer data. Which of the following is the risk practitioner's BEST recommendation after recovery steps have been completed?
Recent penetration testing of an organization's software has identified many different types of security risks. Which of the following is the MOST likely root cause for the identified risk?
Who should be responsible (of evaluating the residual risk after a compensating control has been
Owners of technical controls should be PRIMARILY accountable for ensuring the controls are:
Which of the following is MOST important to consider when determining the value of an asset during the risk identification process?
After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to:
An organization's IT department wants to complete a proof of concept (POC) for a security tool. The project lead has asked for approval to use the production data for testing purposes as it will yield the best results. Which of the following is the risk practitioner's BEST recommendation?
Which of the following is the GREATEST benefit of analyzing logs collected from different systems?
Which of the following is MOST important when identifying an organization's risk exposure associated with Internet of Things (loT) devices?
A risk practitioner notices that a particular key risk indicator (KRI) has remained below its established trigger point for an extended period of time. Which of the following should be done FIRST?
Which of the following BEST protects organizational data within a production cloud environment?
Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?
Which of the following would be MOST useful to management when allocating resources to mitigate risk to the organization?
Which of the following would present the GREATEST challenge for a risk practitioner during a merger of two organizations?
A risk practitioner's BEST guidance to help an organization develop relevant risk scenarios is to ensure the scenarios are:
A risk practitioner has reviewed new international regulations and realizes the new regulations will affect the organization. Which of the following should be the risk practitioner's NEXT course of
action?
Which of the following is the BEST way for a risk practitioner to verify that management has addressed control issues identified during a previous external audit?
Which of the following provides the BEST indication that existing controls are effective?
An internal audit report reveals that a legacy system is no longer supported Which of the following is the risk practitioner's MOST important action before recommending a risk response'
A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following control weaknesses could have contributed MOST to this problem?
IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:
Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?
Which of the following is MOST important for mitigating ethical risk when establishing accountability for control ownership?
Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?
An application runs a scheduled job that compiles financial data from multiple business systems and updates the financial reporting system. If this job runs too long, it can delay financial reporting. Which of the following is the risk practitioner's BEST recommendation?
Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?
Which of the following roles would provide the MOST important input when identifying IT risk scenarios?
Which of the following would BEST mitigate an identified risk scenario?
Which of the following is the BEST key performance indicator (KPI) to measure the ability to deliver uninterrupted IT services?
An organization has just started accepting credit card payments from customers via the corporate website. Which of the following is MOST likely to increase as a result of this new initiative?
An organization recently implemented new technologies that enable the use of robotic process automation. Which of the following is MOST important to reassess?
When developing a response plan to address security incidents regarding sensitive data loss, it is MOST important
A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?
An organization becomes aware that IT security failed to detect a coordinated
cyber attack on its data center. Which of the following is the BEST course of
action?
An organization recently received an independent security audit report of its cloud service provider that indicates significant control weaknesses. What should be done NEXT in response to this report?
A business impact analysis (BIA) enables an organization to determine appropriate IT risk mitigation actions by:
An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?
Which organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is lie responsibility of the risk practitioner*?
The cost of maintaining a control has grown to exceed the potential loss. Which of the following BEST describes this situation?
Which of the following offers the SIMPLEST overview of changes in an organization's risk profile?
Which of the following would be of GREATEST concern regarding an organization's asset management?
The PRIMARY benefit of using a maturity model is that it helps to evaluate the:
Which of the following is the BEST indication that key risk indicators (KRIs) should be revised?
Which of the following is the MOST important benefit of reporting risk assessment results to senior management?
Which of the following is the MOST important consideration when determining the appropriate data retention period throughout the data management life cycle?
Which of the following is the GREATEST concern if user acceptance testing (UAT) is not conducted when implementing a new application?
A third-party vendor has offered to perform user access provisioning and termination. Which of the following control accountabilities is BEST retained within the organization?
Which of the following criteria associated with key risk indicators (KRIs) BEST enables effective risk monitoring?