An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT systems controls?

• A.Review design documentation of IT systems.
• B.Evaluate compliance with legal and regulatory requirements.
• C.Implement IT systems in alignment with business objectives.
• D.Review metrics and key performance indicators (KPIs).

Comment: *

Name: *

Email: *

Verification: *

An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

• A.Identify systems that are vulnerable to being exploited by the attack.
• B.Verify the data backup process and confirm which backups are the most recent ones available.
• C.Confirm with the antivirus solution vendor whether the next update will detect the attack.
• D.Obtain approval for funding to purchase a cyber insurance plan.

Comment: *

Name: *

Email: *

Verification: *

A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

• A.develop an improved password software routine.
• B.obtain management approval for policy exception.
• C.continue the implementation with no changes.
• D.select another application with strong password controls.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

• A.Ensuring time synchronization of log sources.
• B.Ensuring the inclusion of all computing resources as log sources.
• C.Ensuring the inclusion of external threat intelligence log sources.
• D.Ensuring read-write access to all log sources

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner has been asked by executives to explain how existing risk treatment plans would affect risk posture at the end of the year. Which of the following is MOST helpful in responding to this request?

• A.Assessing risk with no controls in place
• B.Providing peer benchmarking results
• C.Assessing risk with current controls in place
• D.Showing projected residual risk

Comment: *

Name: *

Email: *

Verification: *