Which of the following would BEST ensure that identified risk scenarios are addressed?

• A.Creating a separate risk register for key business units
• B.Performing regular risk control self-assessments
• C.Reviewing the implementation of the risk response
• D.Performing real-time monitoring of threats

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help minimize the risk associated with social engineering threats?

• A.Reviewing the organization's risk appetite
• B.Enforcing employee sanctions
• C.Enforcing segregation of duties
• D.Conducting phishing exercises

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason, a risk practitioner would be interested in an internal audit report is to:

• A.maintain a risk register based on noncompliances
• B.plan awareness programs for business managers
• C.assist in the development of a risk profile
• D.evaluate maturity of the risk management process

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

• A.A process to remove employee access during the exit interview is implemented.
• B.A list of terminated employees is generated for reconciliation against current IT access.
• C.The human resources (HR) system automatically revokes system access.
• D.Login attempts are reconciled to a list of terminated employees.

Comment: *

Name: *

Email: *

Verification: *

You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risks occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day, then if a denial of service (DoS) attack occurs that lasts half a day creates how much loss?

• A.US $250,000 loss
• B.US $500,000 loss
• C.US $1 million loss
• D.US $100,000 loss

Comment: *

Name: *

Email: *

Verification: *