Which of the following can be used to assign a monetary value to risk?

• A.Cost-benefit analysis
• B.Annual loss expectancy (ALE)
• C.Business impact analysis
• D.Inherent vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

• A.Identify an owner for the new control.
• B.Modify the action plan in the risk register.
• C.Communicate the decision to the risk owner for approval
• D.Seek approval from the previous action plan manager.

Comment: *

Name: *

Email: *

Verification: *

What are the functions of audit and accountability control?
Each correct answer represents a complete solution. Choose all that apply.

• A.Provides details on how to protect the audit logs
• B.Implement effective access control
• C.Implement an effective audit program
• D.Provides details on how to determine what to audit

Comment: *

Name: *

Email: *

Verification: *

A deficient control has been identified which could result in great harm to an organization should a low frequency threat event occur. When communicating the associated risk to senior management, the risk practitioner should explain:

• A.the current level of risk is within tolerance.
• B.mitigation plans for threat events should be prepared in the current planning period.
• C.an increase in threat events could cause a loss sooner than anticipated.
• D.this risk scenario is equivalent to more frequent, but lower impact risk scenarios.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST defense against successful phishing attacks?

• A.Intrusion detection system
• B.Application hardening
• C.End-user awareness
• D.Spam filters

Comment: *

Name: *

Email: *

Verification: *