Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

• A.Conduct a comprehensive compliance review.
• B.Declare a security breach and Inform management.
• C.Investigate the root cause of noncompliance.
• D.Develop incident response procedures for noncompliance.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?

• A.Any of the above
• B.Insuring
• C.Avoiding
• D.Accepting

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates the effectiveness of anti-malware software?

• A.Number of staff hours lost due to malware attacks
• B.Number of successful attacks by malicious software
• C.Number of downtime hours in business critical servers
• D.Number of patches made to anti-malware software

Comment: *

Name: *

Email: *

Verification: *

When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?

• A.Updating the IT risk registry
• B.Insuring against the risk
• C.Outsourcing the related business process to a third party
• D.Improving staff-training in the risk area

Comment: *

Name: *

Email: *

Verification: *

While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

• A.control is ineffective and should be strengthened
• B.risk is inefficiently controlled
• C.risk is efficiently controlled
• D.control is weak and should be removed

Comment: *

Name: *

Email: *

Verification: *