A risk practitioners PRIMARY focus when validating a risk response action plan should be that risk response:

• A.advances business objectives.
• B.aligns with business strategy
• C.quantifies risk impact
• D.reduces risk to an acceptable level

Comment: *

Name: *

Email: *

Verification: *

When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:

• A.used for verification within the SLA.
• B.resolved within the SLA.
• C.that result in a full root cause analysis.
• D.that are verified as actual incidents.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the MOST useful information when determining if a specific control should be implemented?

• A.Attribute analysis
• B.Cost-benefit analysis
• C.Root cause analysis
• D.Business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the first MOST step in the risk assessment process?

• A.Identification of assets
• B.Identification of threats
• C.Identification of threat sources
• D.Identification of vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

You are the Risk Official in Bluewell Inc. You have detected much vulnerability during risk assessment process. What you should do next?

• A.Prioritize vulnerabilities for remediation solely based on impact.
• B.Handle vulnerabilities as a risk, even though there is no threat.
• C.Analyze the effectiveness of control on the vulnerabilities' basis.
• D.Evaluate vulnerabilities for threat, impact, and cost of mitigation.

Comment: *

Name: *

Email: *

Verification: *