When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
Updating the IT risk register.
Outsourcing the related business process to a third party.
Insuring against the risk.
Improving staff training in the risk area.
Which of the following methods is the MOST effective way to ensure that outsourced service providers comply with the enterprise's information security policy?
Security awareness training.
Service level monitoring.
To be effective, risk mitigation MUST:
Minimize the residual risk.
Reduce the frequency of a threat.
Minimize the inherent risk.
Reduce the impact of a threat.
The MOST important reason to maintain key risk indicators (KRIs) is because:
Complex metrics require fine-tuning.
Risk reports need to be timely.
Threats and vulnerabilities change over time.
They help to avoid risk.
Which of the following choices is the BEST measure of the operational effectiveness of risk management process capabilities?
Key performance indicators (KPIs).
Key risk indicators (KRIs).
The MOST significant drawback of using quantitative risk analysis instead of qualitative risk analysis is the:
Higher reliance on skilled personnel.
Lower management buy-in.
Which of the following business requirements BEST relates to the need for resilient business and information systems processes?
An enterprise has implemented a tool that correlates information from multiple systems. This is an example of a monitoring tool that focuses on:
The preparation of a risk register begins in which of the following risk management processes?
Risk management strategy planning.
Risk monitoring and control.
Risk response planning.
A poor choice of passwords and transmission over unprotected communication lines are examples of:
Deriving the likelihood and impact of risk scenarios through statistical methods is BEST described as:
Risk scenario analysis.
Quantitative risk analysis.
Qualitative risk analysis.
Probabilistic risk assessment.
Which of the following reviews is BEST suited for the review of IT risk analysis results before the results are sent to management for approval and use in decision making?
A risk policy review.
A peer review.
A compliance review.
An internal audit review.
It is MOST important that risk appetite is aligned with business objectives to ensure that:
Resources are directed toward areas of low risk tolerance.
The risk strategy is adequately communicated.
IT and business goals are aligned.
Major risk is identified and eliminated.
Risk scenarios are analyzed to determine:
Current risk profile.
Scenario root cause.
Strength of controls.
Likelihood and impact.
Which of the following choices should be considered FIRST when designing information system controls?
The existing IT environment.
The organizational strategic plan.
The present IT budget.
The IT strategic plan.
What risk elements MUST be known in order to accurately calculate residual risk?
Compliance risk and reputation.
Inherent risk and control risk.
Threats and vulnerabilities.
Risk governance and risk response.