Risk scenarios are analyzed to determine:
Likelihood and impact.
Scenario root cause.
Current risk profile.
Strength of controls.
It is MOST important that risk appetite is aligned with business objectives to ensure that:
Resources are directed toward areas of low risk tolerance.
IT and business goals are aligned.
Major risk is identified and eliminated.
The risk strategy is adequately communicated.
Which of the following business requirements BEST relates to the need for resilient business and information systems processes?
Deriving the likelihood and impact of risk scenarios through statistical methods is BEST described as:
Quantitative risk analysis.
Risk scenario analysis.
Probabilistic risk assessment.
Qualitative risk analysis.
Which of the following choices should be considered FIRST when designing information system controls?
The present IT budget.
The existing IT environment.
The IT strategic plan.
The organizational strategic plan.
The preparation of a risk register begins in which of the following risk management processes?
Risk monitoring and control.
Risk management strategy planning.
Risk response planning.
Which of the following choices is the BEST measure of the operational effectiveness of risk management process capabilities?
Key performance indicators (KPIs).
Key risk indicators (KRIs).
The MOST important reason to maintain key risk indicators (KRIs) is that:
Complex metrics require fine-tuning.
Risk reports need to be timely.
Threats and vulnerabilities change over time.
They help to avoid risk.
To be effective, risk mitigation MUST:
Reduce the frequency of a threat.
Reduce the impact of a threat.
Minimize the inherent risk.
Minimize the residual risk.
What risk elements MUST be known in order to accurately calculate residual risk?
Compliance risk and reputation.
Inherent risk and control risk.
Risk governance and risk response.
Threats and vulnerabilities.
Which of the following reviews is BEST suited for the review of IT risk analysis results before the results are sent to management for approval and use in decision making?
A risk policy review.
A compliance review.
A peer review.
An internal audit review.
The MOST significant drawback of using quantitative risk analysis instead of qualitative risk analysis is the:
Lower management buy-in.
Higher reliance on skilled personnel.
A poor choice of passwords and transmission over unprotected communication lines are examples of:
An enterprise has implemented a tool that correlates information from multiple systems. This is an example of a monitoring tool that focuses on:
Which of the following methods is the MOST effective way to ensure that outsourced service providers comply with the enterprise's information security policy?
Security awareness training.
Service level monitoring.
When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
Outsourcing the related business process to a third party.
Improving staff training in the risk area.
Insuring against the risk.
Updating the IT risk register.