CRISC Certified in Risk and Information Systems Control – Question612

Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?

A. Monitoring key access control performance indicators
B. Updating multi-factor authentication
C. Analyzing access control logs for suspicious activity
D. Revising the service level agreement (SLA)

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question610

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an anti-virus program?

A. Frequency of anti-virus software updates
B. Number of alerts generated by the anti-virus software
C. Percentage of IT assets with current malware definitions
D. Number of false positives detected over a period of time

Correct Answer: C
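Both Question 612 and Question 610 come down to the same measurement shape: join an authoritative source (HR terminations, the endpoint inventory) against the system being controlled (the IAM export, the anti-virus definition timestamps), test each record against a threshold (the revocation SLA, a maximum definition age), and report the percentage that passes plus the exceptions. The script below is an added example, not part of the exam material or any ISACA publication; the record layouts, the 24-hour SLA, the 48-hour definition age and the 95% target are assumptions, and all sample records are constructed. It shows the caveat a practitioner wants in the revocation KPI: a termination whose SLA window has not yet elapsed is "pending", not a breach, and is kept out of the denominator so fresh terminations do not distort the indicator.

```python
"""Access-revocation and definition-currency KPIs over constructed sample records."""
from datetime import datetime, timedelta, timezone

# Constructed sample data (assumed record layouts, not from the page).
HR_TERMINATIONS = [
    {"user": "alice", "terminated_at": "2024-03-01T09:00:00Z"},
    {"user": "bob",   "terminated_at": "2024-03-01T17:30:00Z"},
    {"user": "carol", "terminated_at": "2024-03-02T08:00:00Z"},
    {"user": "dave",  "terminated_at": "2024-03-02T14:00:00Z"},
]
IAM_ACCOUNTS = [
    {"user": "alice", "disabled_at": "2024-03-01T11:15:00Z"},  # 2.25h after termination
    {"user": "bob",   "disabled_at": "2024-03-03T09:00:00Z"},  # 39.5h after termination
    {"user": "carol", "disabled_at": None},                     # still enabled
    # "dave" is absent from the IAM export: treated as never disabled
]
ENDPOINTS = [
    {"host": "ws-01",  "defs_updated_at": "2024-03-02T06:00:00Z"},
    {"host": "ws-02",  "defs_updated_at": "2024-02-20T06:00:00Z"},  # stale
    {"host": "srv-01", "defs_updated_at": None},                     # never reported
    {"host": "ws-03",  "defs_updated_at": "2024-03-02T23:00:00Z"},
]


def parse_ts(value):
    """Parse a UTC timestamp such as 2024-03-01T09:00:00Z; None passes through."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


AS_OF = parse_ts("2024-03-03T12:00:00Z")  # assumed measurement time


def revocation_kpi(terminations, accounts, sla_hours, as_of):
    """Join HR terminations to the IAM export and measure revocation lag against the SLA.

    Returns (pct_within_sla, breaches, pending). A user missing from the IAM export
    counts as never disabled. An account still enabled whose SLA window has not yet
    elapsed is pending, not a breach, and is excluded from the denominator.
    """
    sla = timedelta(hours=sla_hours)
    disabled_at = {a["user"]: parse_ts(a.get("disabled_at")) for a in accounts}
    within, breaches, pending = 0, [], []
    for t in terminations:
        user = t["user"]
        terminated = parse_ts(t["terminated_at"])
        disabled = disabled_at.get(user)
        if disabled is not None:
            lag = disabled - terminated
            if lag <= sla:
                within += 1
            else:
                breaches.append((user, f"disabled after {lag / timedelta(hours=1):.1f}h"))
        elif as_of - terminated > sla:
            breaches.append((user, "still enabled past SLA"))
        else:
            pending.append(user)
    measured = within + len(breaches)
    pct = 100.0 * within / measured if measured else 100.0
    return round(pct, 1), breaches, pending


def definition_currency_kpi(endpoints, max_age_hours, as_of):
    """Percentage of endpoints whose malware definitions are at most max_age_hours old.

    Endpoints that never reported a definition timestamp are counted as stale.
    """
    limit = timedelta(hours=max_age_hours)
    current, stale = 0, []
    for e in endpoints:
        updated = parse_ts(e.get("defs_updated_at"))
        if updated is not None and as_of - updated <= limit:
            current += 1
        else:
            stale.append(e["host"])
    pct = 100.0 * current / len(endpoints) if endpoints else 100.0
    return round(pct, 1), stale


def kpi_breached(pct, target_pct):
    """Early warning: True when the measured KPI falls below its target."""
    return pct < target_pct


if __name__ == "__main__":
    pct, breaches, pending = revocation_kpi(HR_TERMINATIONS, IAM_ACCOUNTS, 24, AS_OF)
    print(f"revoked within 24h SLA: {pct}%  breaches={breaches}  pending={pending}")
    print("revocation KPI below 95% target:", kpi_breached(pct, 95.0))
    pct, stale = definition_currency_kpi(ENDPOINTS, 48, AS_OF)
    print(f"definitions current (<=48h): {pct}%  stale={stale}")
```

Run as a scheduled job against real exports, the revocation KPI trending downward is the early warning Question 612 asks for, and it fires before any log analysis could, because it does not depend on the orphaned account ever being used.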

CRISC Certified in Risk and Information Systems Control – Question608

A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

A. obtain management approval for policy exception
B. continue the implementation with no changes
C. develop an improved password software routine
D. select another application with strong password controls

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question607

Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?

A. A quantitative presentation of risk assessment results
B. A qualitative presentation of risk assessment results
C. A comparison of risk assessment results to the desired state
D. An assessment of organizational maturity levels and readiness

Correct Answer: C

CRISC Certified in Risk and Information Systems Control – Question605

A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

A. no action is required as there was no impact
B. a root cause analysis is required
C. hardware needs to be upgraded
D. controls are effective for ensuring continuity

Correct Answer: B