An IT department has organized training sessions to improve user awareness of organizational information security policies. Which of the following is the BEST key performance indicator (KPI) to reflect effectiveness of the training?

• A.Percentage of staff members who complete the training with a passing score
• B.Percentage of attendees versus total staff
• C.Percentage of staff members who attend the training with positive feedback
• D.Number of training sessions completed

Comment: *

Name: *

Email: *

Verification: *

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities.
The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

• A.encryption for data at rest.
• B.two-factor authentication.
• C.encryption for data in motion.
• D.continuous data backup controls.

Comment: *

Name: *

Email: *

Verification: *

Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

• A.Continuous monitoring and alerting
• B.Access controls and active logging
• C.Configuration management
• D.Vulnerability scanning

Comment: *

Name: *

Email: *

Verification: *

An organization has raised the risk appetite for technology risk. The MOST likely result would be:

• A.lower risk management cost.
• B.higher risk management cost
• C.increased inherent risk.
• D.decreased residual risk.

Comment: *

Name: *

Email: *

Verification: *

An organization with a large number of applications wants to establish a security risk assessment program.
Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

• A.Feedback from end users
• B.Recommendations from internal audit
• C.Prioritization from business owners
• D.Results of a benchmark analysis

Comment: *

Name: *

Email: *

Verification: *