Which of the following helps ensure compliance with a non-repudiation policy requirement for electronic transactions?

A. Digital signatures
B. Digital certificates
C. One-time passwords
D. Encrypted passwords

A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?

A. Risk appetite statement
B. Risk management policies
C. Risk register
D. Enterprise risk management framework

During testing, a risk practitioner finds the IT department’s recovery time objective (RTO) for a key system does not align with the enterprise’s business continuity plan (BCP). Which of the following should be done NEXT?

A. Complete a risk exception form
B. Report the gap to senior management
C. Consult with the business owner to update the BCP
D. Consult with the IT department to update the RTO

Which of the following is MOST helpful in identifying new risk exposures due to changes in the business environment?

A. Industry benchmarking
B. Standard operating procedures
C. Control gap analysis
D. SWOT analysis

Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

A. provide a current reference to stakeholders for risk-based decisions
B. minimize the number of risk scenarios for risk assessment
C. aggregate risk scenarios identified across different business units
D. build a threat profile of the organization for management review

Which of the following can be interpreted from a single data point on a risk heat map?

A. Risk appetite
B. Risk magnitude
C. Risk response
D. Risk tolerance

Who should be accountable for ensuring effective cybersecurity controls are established?

A. Security management function
B. Enterprise risk function
C. Risk owner
D. IT management

Which of the following is the MOST important consideration when developing an organization’s risk taxonomy?

A. IT strategy
B. Leading industry frameworks
C. Business context
D. Regulatory requirements

Which of the following is the MOST cost-effective way to test a business continuity plan?

A. Conduct a tabletop exercise
B. Conduct interviews with key stakeholders
C. Conduct a disaster recovery exercise
D. Conduct a full functional exercise

The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:

A. focus on the business drivers
B. reference best practice
C. benchmark with competitor’s actions
D. align with audit results