An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?

• A.IT security manager
• B.Control owner
• C.Risk owner
• D.IT system owner

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the risk practitioner s PRIMARY focus when determining whether controls are adequate to mitigate risk?

• A.Risk appetite
• B.Sensitivity analysis
• C.Level of residual risk
• D.Cost-benefit analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables the identification of trends in risk levels?

• A.Measurements for key risk indicators (KRIs) are repeatable
• B.Qualitative definitions for key risk indicators (KRIs) are used
• C.Quantitative measurements are used for key risk indicators (KRIs)
• D.Correlation between risk levels and key risk indicators (KRIs) is positive

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful when communicating roles associated with the IT risk management process?

• A.Skills matrix
• B.Organizational chart
• C.RACI chart
• D.Job descriptions

Comment: *

Name: *

Email: *

Verification: *

Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?

• A.Corrective control
• B.Preventive control
• C.Detective control
• D.Deterrent control

Comment: *

Name: *

Email: *

Verification: *