An organization has outsourced a critical process involving highly regulated data to a third party with servers located in a foreign country. Who is accountable for the confidentiality of this data?

• A.Data owner
• B.Data custodian
• C.Third-party data custodian
• D.Regional office executive

Comment: *

Name: *

Email: *

Verification: *

The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner's BEST recommendation?

• A.Implement training on coding best practices
• B.Perform a code review
• C.Perform a root cause analysis
• D.Implement version control software

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST enable a risk-based decision when considering the use of an emerging technology for data processing?

• A.Threat assessment
• B.Gap analysis
• C.Resource skills matrix
• D.Data quality assurance plan

Comment: *

Name: *

Email: *

Verification: *

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

• A.Intrusion detection system (IDS) rules
• B.Penetration test reports
• C.Vulnerability assessment reports
• D.Logs and system events

Comment: *

Name: *

Email: *

Verification: *

A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

• A.Approve exception to allow the software to continue operating
• B.Accept the risk and let the vendor run the software as is
• C.Require the software vendor to remediate the vulnerabilities
• D.Monitor the databases for abnormal activity

Comment: *

Name: *

Email: *

Verification: *