An organization is considering adopting artificial intelligence (AI). Which of the following is the risk practitioner's MOST important course of action?

• A.Identify the organization's critical data.
• B.Ensure sufficient pre-implementation testing.
• C.Develop key risk indicators (KRIs).
• D.Identify applicable risk scenarios.

Comment: *

Name: *

Email: *

Verification: *

What activity should be done for effective post-implementation reviews during the project?

• A.Establish the business measurements up front
• B.Allow a sufficient number of business cycles to be executed in the new system
• C.Identify the information collected during each stage of the project
• D.Identify the information to be reviewed
• E.Explanation:
  For effective post-implementation review the business measurements up front is established during the project.

Comment: *

Name: *

Email: *

Verification: *

An organization with a large number of applications wants to establish a security risk assessment program. Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

• A.Results of a benchmark analysis
• B.Prioritization from business owners
• C.Recommendations from internal audit
• D.Feedback from end users

Comment: *

Name: *

Email: *

Verification: *

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

• A.User acceptance testing (UAT)
• B.Vulnerability and threat analysis
• C.Control self-assessment (CSA)
• D.Control remediation planning

Comment: *

Name: *

Email: *

Verification: *

NIST SP 800-53 identifies controls in three primary classes. What are they?

• A.Technical, Administrative, and Environmental
• B.Preventative, Detective, and Corrective
• C.Technical, Operational, and Management
• D.Administrative, Technical, and Operational

Comment: *

Name: *

Email: *

Verification: *