The preparation of a risk register begins in which of the following risk management processes?
Risk monitoring and control.
Risk response planning.
Risk management strategy planning.
A poor choice of passwords and transmission over unprotected communication lines are examples of:
The MOST significant drawback of using quantitative risk analysis instead of qualitative risk analysis is the:
Higher reliance on skilled personnel.
Lower management buy-in.
To be effective, risk mitigation MUST:
Minimize the residual risk.
Reduce the impact of a threat.
Minimize the inherent risk.
Reduce the frequency of a threat.
Which of the following business requirements BEST relates to the need for resilient business and information systems processes?
Risk scenarios are analyzed to determine:
Likelihood and impact.
Strength of controls.
Scenario root cause.
Current risk profile.
The MOST important reason to maintain key risk indicators (KRIs) is that:
Threats and vulnerabilities change over time.
Risk reports need to be timely.
They help to avoid risk.
Complex metrics require fine-tuning.
Which of the following reviews is BEST suited for the review of IT risk analysis results before the results are sent to management for approval and use in decision making?
A peer review.
A compliance review.
An internal audit review.
A risk policy review.
When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
Outsourcing the related business process to a third party.
Improving staff training in the risk area.
Updating the IT risk register.
Insuring against the risk.
It is MOST important that risk appetite is aligned with business objectives to ensure that:
Resources are directed toward areas of low risk tolerance.
The risk strategy is adequately communicated.
IT and business goals are aligned.
Major risk is identified and eliminated.
Deriving the likelihood and impact of risk scenarios through statistical methods is BEST described as:
Qualitative risk analysis.
Probabilistic risk assessment.
Quantitative risk analysis.
Risk scenario analysis.
Which of the following choices should be considered FIRST when designing information system controls?
The IT strategic plan.
The existing IT environment.
The organizational strategic plan.
The present IT budget.
What risk elements MUST be known in order to accurately calculate residual risk?
Compliance risk and reputation.
Inherent risk and control risk.
Threats and vulnerabilities.
Risk governance and risk response.
An enterprise has implemented a tool that correlates information from multiple systems. This is an example of a monitoring tool that focuses on:
Which of the following methods is the MOST effective way to ensure that outsourced service providers comply with the enterprise's information security policy?
Security awareness training.
Service level monitoring.
Which of the following choices is the BEST measure of the operational effectiveness of risk management process capabilities?
Key risk indicators (KRIs).
Key performance indicators (KPIs).