CRISC Practice Test

Page 34 out of 193 Pages

Topic 1: Pool A

Which of the following is the BEST indication of an effective risk management program?

A. Risk action plans are approved by senior management.
B. Residual risk is within the organizational risk appetite.
C. Mitigating controls are designed and implemented.
D. Risk is recorded and tracked in the risk register.

Answer: B. Residual risk is within the organizational risk appetite.



Which of the following BEST helps to balance the costs and benefits of managing IT risk?

A. Prioritizing risk responses.
B. Evaluating risk based on frequency and probability.
C. Considering risk factors that can be quantified.
D. Managing the risk by using controls.

Answer: A. Prioritizing risk responses.



During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. The overall control environment may still be effective if:

A. compensating controls are in place.
B. a control mitigation plan is in place.
C. risk management is effective.
D. residual risk is accepted.

Answer: A. compensating controls are in place.



Which of the following would BEST help identify the owner for each risk scenario in a risk register?

A. Determining which departments contribute most to risk.
B. Allocating responsibility for risk factors equally to asset owners.
C. Mapping identified risk factors to specific business processes.
D. Determining resource dependency of assets.

Answer: C. Mapping identified risk factors to specific business processes.



In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

A. two-factor authentication.
B. continuous data backup controls.
C. encryption for data at rest.
D. encryption for data in motion.

Answer: B. continuous data backup controls.


