Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

• A.Risk magnitude
• B.Cost-benefit analysis
• C.Risk appetite
• D.Incident probability

Comment: *

Name: *

Email: *

Verification: *

An organization has completed a project to implement encryption on all databases that host customer data.
Which of the following elements of the risk register should be updated to reflect this change?

• A.Risk tolerance
• B.Inherent risk
• C.Risk appetite
• D.Risk likelihood

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?

• A.Risk register
• B.Cause and effect diagram
• C.Risk indicator
• D.Return on investment
• E.Explanation:
  Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

• A.Internal audit findings
• B.Relevant risk case studies
• C.Risk assessment results
• D.Penetration testing results

Comment: *

Name: *

Email: *

Verification: *

Which of the following attributes of a key risk indicator (KRI) is MOST important?

• A.Repeatable
• B.Qualitative
• C.Automated
• D.Quantitative

Comment: *

Name: *

Email: *

Verification: *