An organization with a large number of applications wants to establish a security risk assessment program. Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

• A.Prioritization from business owners
• B.Recommendations from internal audit
• C.Results of a benchmark analysis
• D.Feedback from end users

Comment: *

Name: *

Email: *

Verification: *

You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request. Where should the declined change request be documented and stored?

• A.Change request log
• B.Project archives
• C.Lessons learned
• D.Project document updates

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help to ensure that suspicious network activity is identified?

• A.Coordinating events with appropriate agencies
• B.Analyzing server logs
• C.Analyzing intrusion detection system (IDS) logs
• D.Using a third-party monitoring provider

Comment: *

Name: *

Email: *

Verification: *

The effectiveness of a control has decreased. What is the MOST likely effect on the associated risk?

• A.The inherent risk changes.
• B.The risk impact changes.
• C.The risk classification changes.
• D.The residual risk changes.

Comment: *

Name: *

Email: *

Verification: *

While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?

• A.Engaging a third party to validate operational controls
• B.Using the same cloud vendor as a competitor
• C.Using field-level encryption with a vendor supplied key
• D.Ensuring the vendor does not know the encryption key

Comment: *

Name: *

Email: *

Verification: *