Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

• A.Design and implement risk response action plans
• B.Align business objectives with risk appetite
• C.Enable risk-based decision making
• D.Update risk responses in the risk register

Comment: *

Name: *

Email: *

Verification: *

When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment options is being applied?

• A.Transfer
• B.Avoidance
• C.Acceptance
• D.Mitigation

Comment: *

Name: *

Email: *

Verification: *

Which of the following process ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?

• A.Risk management
• B.Risk response integration
• C.Risk response implementation
• D.Risk response tracking

Comment: *

Name: *

Email: *

Verification: *

A review of an organization s controls has determined its data loss prevention {DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?

• A.Risk appetite
• B.Inherent risk
• C.Residual risk
• D.Key risk indicators (KRls)

Comment: *

Name: *

Email: *

Verification: *

While reviewing the risk register, a risk practitioner notices that different business units have significant variances in inherent risk for the same risk scenario. Which of the following is the BEST course of action?

• A.Update the risk register to ensure both risk scenarios have the highest residual risk.
• B.Review the assumptions of both risk scenarios to determine whether the variance is reasonable.
• C.Update the risk register with the average of residual risk for both business units.
• D.Request that both business units conduct another review of the risk.

Comment: *

Name: *

Email: *

Verification: *