CRISC Certified in Risk and Information Systems Control – Question624

Which of the following is the MAIN reason to continuously monitor IT-related risk?

A. To ensure risk levels are within acceptable limits of the organization’s risk appetite and risk tolerance
B. To redefine the risk appetite and risk tolerance levels based on changes in risk factors
C. To help identify root causes of incidents and recommend suitable long-term solutions
D. To update the risk register to reflect changes in levels of identified and new IT-related risk

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question622

Which of the following would BEST ensure that identified risk scenarios are addressed?

A. Performing real-time monitoring of threats
B. Creating a separate risk register for key business units
C. Performing regular risk control self-assessments
D. Reviewing the implementation of the risk response

Correct Answer: D

CRISC Certified in Risk and Information Systems Control – Question621

Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?

A. Conduct an awareness program for data owners and users
B. Maintain and review the classified data inventory
C. Implement mandatory encryption on data
D. Define and implement a data classification policy

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question619

While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

A. control is ineffective and should be strengthened
B. risk is inefficiently controlled
C. risk is efficiently controlled
D. control is weak and should be removed

Correct Answer: B

CRISC Certified in Risk and Information Systems Control – Question618

A risk practitioner is assisting with the preparation of a report on the organization’s disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile?

A. The percentage of systems meeting recovery target times has increased
B. The number of systems requiring a recovery plan has increased
C. The number of systems tested in the last year has increased
D. The percentage of systems with long recovery target times has decreased

Correct Answer: B

CRISC Certified in Risk and Information Systems Control – Question617

Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?

A. To continuously improve risk management processes
B. To build an organizational risk-aware culture
C. To comply with legal and regulatory requirements
D. To identify gaps in risk management practices

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question616

Which of the following risk register updates is MOST important for senior management to review?

A. Avoiding a risk that was previously accepted
B. Extending the date of a future action plan by two months
C. Retiring a risk scenario no longer used
D. Changing a risk owner

Correct Answer: B

CRISC Certified in Risk and Information Systems Control – Question615

Which of the following is the PRIMARY purpose of periodically reviewing an organization’s risk profile?

A. Design and implement risk response action plans
B. Align business objectives with risk appetite
C. Enable risk-based decision making
D. Update risk responses in the risk register

Correct Answer: C