Page 1 out of 72. Viewing questions 1-15 out of 1089
Question 1
Topic 4
The PRIMARY reason for prioritizing risk scenarios is to:
A. facilitate risk response decisions.
B. support risk response tracking.
C. assign risk ownership.
D. provide an enterprise-wide view of risk.
Answer: A
Question 2
Topic 4
A third-party vendor has offered to perform user access provisioning and termination. Which of the following control accountabilities is BEST retained within the organization?
A. Reviewing access control lists
B. Performing user access recertification
C. Authorizing user access requests
D. Terminating inactive user access
Answer: C
Question 3
Topic 4
In order to determine if a risk is under-controlled, the risk practitioner will need to:
A. determine the sufficiency of the IT risk budget.
B. monitor and evaluate IT performance.
C. identify risk management best practices.
D. understand the risk tolerance.
Answer: D
Question 4
Topic 4
Which of the following is the BEST way to quantify the likelihood of risk materialization?
A. Balanced scorecard
B. Business impact analysis (BIA)
C. Threat and vulnerability assessment
D. Compliance assessments
Answer: C
Question 5
Topic 4
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?
A. Ensuring that risk and control assessments consider fraud
B. Implementing processes to detect and deter fraud
C. Providing oversight of risk management processes
D. Monitoring the results of actions taken to mitigate fraud
Answer: B
Question 6
Topic 4
Which of the following is MOST important for an organization to update following a change in legislation requiring notification to individuals impacted by data breaches?
A. Security awareness training
B. Policies and standards
C. Risk appetite and tolerance
D. Insurance coverage
Answer: B
Question 7
Topic 4
An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:
A. a tool for monitoring critical activities and controls.
B. procedures to monitor the operation of controls.
C. real-time monitoring of risk events and control exceptions.
D. monitoring activities for all critical assets.
Answer: C
Question 8
Topic 4
Which of the following is MOST helpful to understand the consequences of an IT risk event?
A. Fault tree analysis
B. Root cause analysis
C. Business impact analysis (BIA)
D. Historical trend analysis
Answer: C
Question 9
Topic 4
What information related to a system vulnerability would be MOST useful to management in making an effective risk-based decision?
A. Consequences if the vulnerability is exploited
B. Availability of patches to mitigate the vulnerability
C. Vulnerability scanning tools currently in place
D. Risk mitigation plans for the vulnerability
Answer: A
Question 10
Topic 4
Which of the following risk-related information is MOST valuable to senior management when formulating an IT strategic plan?
A. Risk mitigation plans
B. IT risk appetite statement
C. Emerging IT risk scenarios
D. Key risk indicators (KRIs)
Answer: D
Question 11
Topic 4
Before assigning sensitivity levels to information, it is MOST important to:
A. define the information classification policy.
B. conduct a sensitivity analysis.
C. identify information custodians.
D. define recovery time objectives (RTOs).
Answer: A
Question 12
Topic 4
Within the three lines of defense model, the accountability for the system of internal controls resides with:
A. enterprise risk management.
B. the risk practitioner.
C. the chief information officer (CIO).
D. the board of directors.
Answer: A
Question 13
Topic 4
The PRIMARY purpose of using a framework for risk analysis is to:
A. help define risk tolerance.
B. help develop risk scenarios.
C. improve consistency.
D. improve accountability.
Answer: A
Question 14
Topic 4
Which of the following will BEST help to ensure the continued effectiveness of the IT risk management function within an organization experiencing high employee turnover?
A. Change and release management
B. Well-documented policies and procedures
C. Risk and issue tracking
D. An IT strategy committee
Answer: B
Question 15
Topic 4
Which of the following is MOST important to review when determining whether a potential IT service provider's control environment is effective?