A penetration test reveals several vulnerabilities in a web-facing application. Which of the following should be the FIRST step in selecting a risk response?

• A.Communicate the vulnerabilities to the risk owner.
• B.Correct the vulnerabilities to mitigate potential risk exposure.
• C.Develop a risk response action plan with key stakeholders.
• D.Assess the level of risk associated with the vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?

• A.Reduction in the frequency of a threat
• B.Minimization of inherent risk
• C.Reduction in the impact of a threat
• D.Minimization of residual risk
• E.Explanation:
  The inherent risk of a process is a given and cannot be affected by risk reduction or risk mitigation
  efforts. Hence it should be reduced as far as possible.
• F.is incorrect. The objective of risk reduction is to reduce the residual risk to levels below
  the enterprise's risk tolerance level.
• G.is incorrect. Risk reduction efforts can focus on either avoiding the frequency of the risk
  or reducing the impact of a risk.

Comment: *

Name: *

Email: *

Verification: *

One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

• A.Acceptance
• B.Transference
• C.Enhance
• D.Mitigation

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

• A.Penetration testing
• B.Service level monitoring
• C.Security awareness training
• D.Periodic audits

Comment: *

Name: *

Email: *

Verification: *

A peer review of a risk assessment finds that a relevant threat community was not included. Mitigation of the risk will require substantial changes to a software application. Which of the following is the BEST course of action?

• A.Research the types of attacks the threat can present.
• B.Ask the business to make a budget request to remediate the problem.
• C.Build a business case to remediate the fix.
• D.Determine the impact of the missing threat.

Comment: *

Name: *

Email: *

Verification: *