Free Certification Practice Questions

ISACA-CRISC

Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?
#1231
Which of the following is MOST likely to result in a major change to the overall risk profile of the organization?
#1232
Which of the following is the ULTIMATE objective of utilizing key control indicators (KCIs) in the risk management process?
#1233
An organization requires a third-party attestation report annually from all service providers. One service provider is unable to provide the required report due to recent changes in ownership. Which of the following is the BEST course of action for the risk practitioner?
#1234
Which of the following processes BEST enables a risk practitioner to gather evidence about the threat environment for further analysis?
#1235
Which of the following BEST enables a risk practitioner to determine the appropriate risk treatment for a materialized event?
#1236
To drive effective risk management, it is MOST important that an organization’s policy framework is:
#1237
Which of the following is the MOST important risk management activity during project initiation?
#1238
Which of the following provides a risk practitioner with the MOST reliable evidence of a third-party’s ability to protect the confidentiality of sensitive corporate information?
#1239
An insurance company handling sensitive and personal information from its customers receives a large volume of telephone requests and electronic communications daily. Which of the following is MOST important to include in a risk awareness training session for the customer service department?
#1240
Which of the following is the BEST approach to resolve a disagreement between stakeholders regarding the impact of a potential risk scenario?
#1241
Which of the following is the BEST indication of a potential threat?
#1242
Which of the following is the MOST effective in mitigating the risk of rogue Internet of Things (IoT) devices in an organization’s network?
#1243
An organization is outsourcing data processing to a third-party data center facility to reduce costs. Who is responsible for the performance of data retention controls?
#1244
An organization has recently corrected its machine-learning model that had been producing automated decisions that had adverse impact on its customers. Which of the following is the BEST course of action?
#1245
Which of the following is the MOST effective way to help ensure senior management is informed about the organization's risk environment?
#1246
Which of the following presents the GREATEST risk to an organization with a large number of Internet of Things (IoT) devices within its network?
#1247
An organization's IT department wants to complete a proof of concept (POC) for a security tool. The project lead has asked for approval to use the production data for testing purposes as it will yield the best results. Which of the following is the risk practitioner's BEST recommendation?
#1248
An organization has purchased insurance coverage against potential unauthorized disclosure of personal data. What should be expected as a result of this risk response?
#1249
Who is ULTIMATELY accountable for the confidentiality of data in the event of a data breach within a Software as a Service (SaaS) environment?
#1250
Which of the following is the GREATEST benefit of a risk-aware culture?
#1251
An organization has outsourced its backup and recovery procedures to a cloud service provider. The provider's controls are inadequate for the organization's level of risk tolerance. As a result, the organization has internally implemented additional backup and recovery controls. Which risk response has been adopted?
#1252
Which of the following presents the GREATEST risk associated with the use of emerging technologies?
#1253
Which of the following would be MOST helpful to review when prioritizing the implementation of multiple IT-related initiatives?
#1254
Which of the following attributes of data provided to an automated log analysis tool is MOST important for effective risk monitoring?
#1255
A control owner has decided to implement a compensating control instead of the control selected in the risk action plan. Which of the following is the risk practitioner's MOST important action after reassessing the risk?
#1256
Which of the following is a PRIMARY benefit to an organization adopting a three lines of defense model?
#1257
Which of the following would be the MOST effective mitigating control when a legacy application does not have the capability to appropriately enforce separation of duties?
#1258
Risk mitigation is MOST effective when which of the following is optimized?
#1259
Which of the following is the BEST way to assess the effectiveness of an access management process?
#1260