A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:

• A.identifying risk mitigation controls
• B.documenting the risk scenarios
• C.validating the risk scenarios
• D.updating the risk register

Comment: *

Name: *

Email: *

Verification: *

Which of the following observations would be GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

• A.Management has not determined a final implementation date.
• B.Management has not secured resources for mitigation activities.
• C.Management has not completed an early mitigation milestone.
• D.Management has not begun the implementation.

Comment: *

Name: *

Email: *

Verification: *

An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.

• A.Information security managers
• B.Internal auditors
• C.Incident response team members
• D.Business managers

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?

• A.Change management audit
• B.Risk assessment
• C.Change control process
• D.Role-specific technical training

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to the integrity of a security log?

• A.Least privilege access
• B.Encryption
• C.Inability to edit
• D.Ability to overwrite

Comment: *

Name: *

Email: *

Verification: *