Which of the following provides the MOST important input for analyzing I&T-related risk?
AInformation about market trends and technology evolution
BInformation about past incidents, frequency, and loss to the organization
CInformation about threats and vulnerabilities
A risk practitioner has been tasked with analyzing new risk events added to the risk register. Which of the following analysis methods would BEST enable the risk practitioner to minimize ambiguity and subjectivity?
AAnnual loss expectancy (ALE)
BDelphi method
CBrainstorming
Which of the following risk analysis methods gathers different types of potential risk ideas to be validated and ranked by an individual or small groups during interviews?
ADelphi technique
BMonte Carlo analysis
CBrainstorming model
Which of the following is a KEY contributing component for determining risk rankings to direct risk response?
ACost of mitigating controls
BSeverity of a vulnerability
CMaturity of risk management processes
Question 6
Risk Monitoring, Reporting and Communication
0
Question 7
Risk Assessment and Analysis
Question 8
Risk Monitoring, Reporting and Communication
Question 9
Risk Monitoring, Reporting and Communication
Question 10
Risk Governance and Management
Question 11
Risk Identification
Question 12
Risk Governance and Management
Question 13
Risk Governance and Management
Question 14
Risk Governance and Management
Question 15
Risk Assessment and Analysis
Question 16
Risk Assessment and Analysis
Question 17
Risk Governance and Management
Question 18
Risk Response
Question 19
Risk Assessment and Analysis
Question 20
Risk Assessment and Analysis
Question 21
Risk Identification
Question 22
Risk Assessment and Analysis
Question 23
Risk Intro and Overview
Question 24
Risk Identification
Question 25
Risk Response
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which of the following is the MAIN reason to include previously overlooked risk in a risk report?
AAssurance is needed that the risk dashboard is complete and comprehensive.
BOverlooked or ignored risk may become relevant in the future.
CThe risk report must contain the current state of all risk.
What is the PRIMARY benefit of using generic technology terms in IT risk assessment reports to management?
AClarity on the proper interpretation of reported risk
BSimplicity in translating risk reports into other languages
CEase of promoting risk awareness with key stakeholders
Risk monitoring is MOST effective when it is conducted:
Athroughout the risk treatment planning process.
Bfollowing changes to the business’s environment.
Cbefore and after completing the risk treatment plan.
Key risk indicators (KRIs) are used for which of the following purposes when developing a project plan?
ADetermining resource allocation
BAssigning risk owners
CPerforming a gap analysis
In the context of enterprise risk management (ERM), what is the overall role of I&T risk management stakeholders?
AStakeholders are accountable for all risk management activities within an enterprise.
BStakeholders set direction and provide support for risk management practices.
CStakeholders are responsible for protecting enterprise assets to achieve business objectives.
Which of the following is considered an exploit event?
AAny event that is verified as a security breach
BThe actual occurrence of an adverse event
CAn attacker takes advantage of a vulnerability
How does an enterprise decide how much risk it is willing to take to meet its business objectives?
ABy conducting research on industry standards for acceptable risk based on similar businesses
BBy identifying the risk conditions of the business and the impact of the loss if these risks materialize
CBy surveying business initiatives to determine what risks would cease their operations
Which of the following is MOST likely to promote ethical and open communication of risk management activities at the executive level?
AIncreasing the frequency of risk status reports
BRecommending risk tolerance levels to the business
CExpressing risk results in financial terms
Of the following, which stakeholder group is MOST often responsible for risk governance?
ABoard of directors
BEnterprise risk management (ERM)
CBusiness units
Which of the following presents the GREATEST risk for the continued existence of an enterprise?
AWhen its risk appetite and tolerance are reviewed annually
BWhen its actual risk eventually exceeds organizational risk appetite
CWhen its risk appetite and actual risk exceed its risk capacity
Which of the following would have the MOST impact on the accuracy and appropriateness of plans associated with business continuity and disaster recovery?
AMaterial updates to the incident response plan
BChanges to the business impact assessment (BIA)
CData backups being moved to the cloud
Which of the following MUST be established in order to manage I&T-related risk throughout the enterprise?
AAn enterprise risk governance committee
BIndustry best practices for risk management
CThe enterprise risk universe
Which risk response option has been adopted when an enterprise outsources disaster recovery activities to leverage the skills and expertise of a third-party provider?
ARisk mitigation
BRisk avoidance
CRisk transfer
As part of an I&T related risk assessment, which of the following should be reviewed to obtain an initial view of overall I&T related risk for the enterprise?
AThreats and vulnerabilities for each risk factor identified
BComponents of the risk register with remediation plans
CComponents of the risk universe at a high level
Risk analysis makes it easier to communicate impact in terms of:
Acriticality of I&T assets.
Blost productivity.
Creputational damage.
Which of the following is a benefit of using a top-down approach when developing risk scenarios?
AFocus at the enterprise level makes it easier to achieve management support.
BThe development process is simplified because it includes only I&T-related events.
CIdentification and assignment of risk ownership for mitigation plans can be done more quickly.
Applying statistical analysis methods to I&T risk scenarios is MOST appropriate when:
Aquantifiable historical data is available for detailed reviews.
Brisk management professionals are unfamiliar with qualitative methods.
Cmembers of senior management have advanced mathematical knowledge.
Which of the following is the MOST important factor to consider when developing effective risk scenarios?
ARisk events that affect both financial and strategic objectives
