The acceptance of control costs that exceed risk exposure is MOST likely an example of:

• A.corporate culture alignment
• B.corporate culture misalignment.
• C.low risk tolerance.
• D.high risk tolerance.

Comment: *

Name: *

Email: *

Verification: *

When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?

• A.Recommend management accept the low risk scenarios.
• B.Assess management's risk tolerance.
• C.Re-evaluate the risk scenarios associated with the control
• D.Propose mitigating controls

Comment: *

Name: *

Email: *

Verification: *

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

• A.Risk transfer
• B.Risk acceptance
• C.Risk avoidance
• D.Risk mitigation
• E.Explanation:
  Risk transfer is the practice of passing risk from one entity to another entity. In other words, if a company is covered under a liability insurance policy providing various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc., it means it has transferred its security risks to the insurance company.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way to mitigate identified risk scenarios?

• A.areas Document the risk tolerance of the organization.
• B.Perform periodic audits on identified risk.
• C.Provide awareness in early detection of risk.
• D.Assign ownership of the risk response plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

• A.independent from the business operations.
• B.authorized to select risk mitigation options.
• C.members of senior management.
• D.accountable for the affected processes.

Comment: *

Name: *

Email: *

Verification: *