ISACA-Certified in Risk and Information Systems Control Set 9

1.

To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

clearly define the project scope perform background checks on the vendor notify network administrators before testing require the vendor to sign a nondisclosure agreement

2.

From a risk management perspective, the PRIMARY objective of using maturity models is to enable:

solution delivery strategic alignment resource utilization performance evaluation

3.

A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

An increase in attempted distributed denial of service (DDoS) attacks An increase in attempted website phishing attacks A decrease in remediated web security vulnerabilities A decrease in achievement of service level agreements (SLAs)

4.

Which of the following would be MOST useful when measuring the progress of a risk response action plan?

Resource expenditure against budget An up-to-date risk register Percentage of mitigated risk scenarios Annual loss expectancy (ALE) changes

5.

Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?

Risk ownership Best practices Desired risk level Regulatory compliance

6.

Which of the following is the BEST evidence that a user account has been properly authorized?

Notification from human resources that the account is active Formal approval of the account by the user's manager User privileges matching the request form An email from the user accepting the account

7.

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

Gather scenarios from senior management Derive scenarios from IT risk policies and standards Benchmark scenarios against industry peers Map scenarios to a recognized risk management framework

8.

An effective control environment is BEST indicated by controls that:

minimize senior management's risk tolerance manage risk within the organization's risk appetite are cost-effective to implement reduce the thresholds of key risk indicators (KRIs)

9.

Which of the following attributes of a key risk indicator (KRI) is MOST important?

Repeatable Qualitative Automated Quantitative

10.

Which of the following statements BEST describes risk appetite?

Acceptable variation between risk thresholds and business objectives The amount of risk an organization is willing to accept The effective management of risk and internal control environments The acceptable variation relative to the achievement of objectives

ISACA-Certified in Risk and Information Systems Control Set 9

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

ISACA-Certified in Risk and Information Systems Control Set 9

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner