An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan. Which of the following is the risk practitioner's BEST course of action?

• A.Revert the implemented mitigation measures until approval is obtained.
• B.Validate the adequacy of the implemented risk mitigation measures.
• C.Report the observation to the chief risk officer (CRO).
• D.Update the risk register with the implemented risk mitigation actions.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help secure online financial transactions from improper users?

• A.Multi-factor authentication
• B.Periodic review of audit trails
• C.Multi-level authorization
• D.Review of log-in attempts

Comment: *

Name: *

Email: *

Verification: *

Due to a change in business processes, an identified risk scenario no longer requires mitigation. Which of the following is the MOST important reason the risk should remain in the risk register?

• A.To support regulatory requirements
• B.To prevent the risk scenario in the current environment
• C.To monitor for potential changes to the risk scenario
• D.To track historical risk assessment results

Comment: *

Name: *

Email: *

Verification: *

IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would be MOST helpful?

• A.List of key risk indicators
• B.Internal audit reports
• C.IT risk register
• D.List of approved projects

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?

• A.Any of the above
• B.Insuring
• C.Avoiding
• D.Accepting

Comment: *

Name: *

Email: *

Verification: *