A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

A. Ensuring the inclusion of all computing resources as log sources
B. Ensuring time synchronization of log sources
C. Ensuring read-write access to all log sources
D. Ensuring the inclusion of external threat intelligence log sources

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

A. treatment
B. identification
C. communication
D. assessment

Which of the following provides the BEST evidence of the effectiveness of an organization’s account provisioning process?

A. User provisioning
B. Security log monitoring
C. Entitlement reviews
D. Role-based access controls

Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

A. Closed management action plans from the previous audit
B. Annual risk assessment results
C. An updated vulnerability management report
D. A list of identified generic risk scenarios

Which of the following would prompt changes in key risk indicator (KRI) thresholds?

A. Changes in risk appetite or tolerance
B. Modification to risk categories
C. Knowledge of new and emerging threats
D. Changes to the risk register

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

A. Control self-assessment (CSA)
B. Vulnerability and threat analysis
C. User acceptance testing (UAT)
D. Control remediation planning

A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner’s BEST course of action?

A. Implement a process improvement and replace the old risk register
B. Outsource the process for updating the risk register
C. Identify changes in risk factors and initiate risk reviews
D. Engage an external consultant to redesign the risk management process

After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:

A. inform the IT manager of the concerns and propose measures to reduce them
B. inform the process owner of the concerns and propose measures to reduce them
C. inform the development team of the concerns, and together formulate risk reduction measures
D. recommend a program that minimizes the concerns of that production system

Which of the following tools is MOST effective in identifying trends in the IT risk profile?

A. Risk dashboard
B. Risk register
C. Risk self-assessment
D. Risk map

Which of the following would be considered a vulnerability?

A. Delayed removal of employee access
B. Corruption of files due to malware
C. Authorized administrative access to HR files
D. Server downtime due to a denial of service (DoS) attack