When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

• A.Risk identification
• B.Risk management strategy planning
• C.Risk monitoring and control
• D.Risk response planning

Comment: *

Name: *

Email: *

Verification: *

Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?

• A.Independent audit report
• B.Business impact analysis (BIA)
• C.Service level agreement (SLA)
• D.Nondisclosure agreement (NDA)

Comment: *

Name: *

Email: *

Verification: *

An organization is considering outsourcing user administration controls tor a critical system. The potential vendor has offered to perform quarterly sett-audits of its controls instead of having annual independent audits. Which of the following should be of GREATEST concern to me risk practitioner?

• A.The vendor will not ensure against control failure
• B.The vendor will not achieve best practices
• C.The controls may not be properly tested
• D.Lack of a risk-based approach to access control

Comment: *

Name: *

Email: *

Verification: *

Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?

• A.Establishing a risk management committee
• B.Communicating the results of the threat impact analysis
• C.Establishing metrics to assess the effectiveness of the responses
• D.Updating the organization's risk register to reflect the new threat

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST risk associated with an environment that lacks documentation of the architecture?

• A.Legacy technology systems
• B.Overlapping threats
• C.Unknown vulnerabilities
• D.Network isolation

Comment: *

Name: *

Email: *

Verification: *