Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls MOST likely failed?

• A.Awareness training
• B.User access
• C.Policy management
• D.Background checks

Comment: *

Name: *

Email: *

Verification: *

A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?

• A.Action plans to address risk scenarios requiring treatment
• B.The team that performed the risk assessment
• C.An assigned risk manager to provide oversight
• D.The methodology used to perform the risk assessment

Comment: *

Name: *

Email: *

Verification: *

The MAIN purpose of reviewing a control after implementation is to validate that the control:

• A.meets regulatory requirements.
• B.is being monitored.
• C.operates as intended.
• D.operates efficiently.

Comment: *

Name: *

Email: *

Verification: *

Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

• A.Redundant compensating controls are in place.
• B.Asset custodians are responsible for defining controls instead of asset owners.
• C.A high number of approved exceptions exist with compensating controls.
• D.Successive assessments have the same recurring vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

• A.communication
• B.identification.
• C.assessment.
• D.treatment.

Comment: *

Name: *

Email: *

Verification: *