Which of the following is the MOST important input when developing risk scenarios?

• A.The organization's risk framework
• B.Risk appetite
• C.Business objectives
• D.Key performance indicators

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

• A.Penetration testing
• B.Service level monitoring
• C.Security awareness training
• D.Periodic audits

Comment: *

Name: *

Email: *

Verification: *

Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

• A.Communicating components of risk and their acceptable levels
• B.Performing a benchmark analysis and evaluating gaps
• C.Participating in peer reviews and implementing best practices
• D.Conducting risk assessments and implementing controls

Comment: *

Name: *

Email: *

Verification: *

An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?

• A.Perform a risk assessment
• B.Disable user access
• C.Perform root cause analysis
• D.Develop an access control policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables the identification of trends in risk levels?

• A.Quantitative measurements are used for key risk indicators (KRIs).
• B.Qualitative definitions for key risk indicators (KRIs) are used.
• C.Correlation between risk levels and key risk indicators (KRIs) is positive.
• D.Measurements for key risk indicators (KRIs) are repeatable

Comment: *

Name: *

Email: *

Verification: *