An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

• A.mitigated.
• B.avoided.
• C.transferred.
• D.accepted.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST appropriate action when a tolerance threshold is exceeded?

• A.Increase human resources to respond in the interim.
• B.Research the root cause of similar incidents.
• C.Communicate potential impact to decision makers.
• D.Verify the response plan is adequate.

Comment: *

Name: *

Email: *

Verification: *

Which of the following comes under phases of risk management?

• A.Assessing risk
• B.Prioritization of risk
• C.Identify risk
• D.Monitoring risk
• E.Developing risk

Correct Answer: A,B,C,D

Risk management provides an approach for individuals and groups to make a decision on how to
deal with potentially harmful situations.
Following are the four phases involved in risk management:
1.Risk identification :The first thing we must do in risk management is to identify the areas of the
project where the risks can occur.
This is termed as risk identification. Listing all the possible risks is proved to be very productive for
the enterprise as we can cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them. 2.Risk Assessment and Evaluation :Risk assessment use quantitative and qualitative analysis approaches to evaluate each significant risk identified. 3.Risk Prioritization and Response :As many risks are being identified in an enterprise, it is best to give each risk a score based on its likelihood and significance in form of ranking. This concludes whether the risk with high likelihood and high significance must be given greater attention as compared to similar risk with low likelihood and low significance. Hence, risks can be prioritized and appropriate responses to those risks are created. 4.Risk Monitoring :Risk monitoring is an activity which oversees the changes in risk assessment. Over time, the likelihood or significance originally attributed to a risk may change. This is especially true when certain responses, such as mitigation, have been made.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the final step in the policy development process?

• A.Management approval
• B.Continued awareness activities
• C.Communication to employees
• D.Maintenance and review

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for assessing control effectiveness against technical vulnerabilities that could be exploited to compromise an information system?

• A.Vulnerability scanning
• B.Penetration testing
• C.Systems log correlation analysis
• D.Monitoring of intrusion detection system (IDS) alerts

Comment: *

Name: *

Email: *

Verification: *