- Home
- ISACA
- Certified in Risk and Information Systems Control
- ISACA.CRISC.v2023-07-03.q743
- Question 661
Valid CRISC Dumps shared by ExamDiscuss.com for Helping Passing CRISC Exam! ExamDiscuss.com now offer the newest CRISC exam dumps, the ExamDiscuss.com CRISC exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CRISC dumps with Test Engine here:
Access CRISC Dumps Premium Version
(1745 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 661/743
Which of the following come under the management class of controls?
Each correct answer represents a complete solution. (Choose two.)
Each correct answer represents a complete solution. (Choose two.)
Correct Answer: A,C
Explanation/Reference:
Explanation:
The Management class of controls includes five families. These families include over 40 individual controls.
Following is a list of each of the families in the Management class:
Certification, Accreditation, and Security Assessment (CA): This family of controls addresses steps to
implement a security and assessment program. It includes controls to ensure only authorized systems are allowed on a network. It includes details on important security concepts, such as continuous monitoring and a plan of action and milestones.
Planning (PL): The PL family focuses on security plans for systems. It also covers Rules of Behaviour
for users. Rules of Behaviour are also called an acceptable use policy.
Risk Assessment (RA): This family of controls provides details on risk assessments and vulnerability
scanning.
System and Services Acquisition (SA): The SA family includes any controls related to the purchase of
products and services. It also includes controls related to software usage and user installed software.
Program Management (PM): This family is driven by the Federal Information Security Management Act
(FISMA). It provides controls to ensure compliance with FISMA. These controls complement other controls. They don't replace them.
Incorrect Answers:
B, D: Identification and authentication, and audit and accountability control are technical class of controls.
Explanation:
The Management class of controls includes five families. These families include over 40 individual controls.
Following is a list of each of the families in the Management class:
Certification, Accreditation, and Security Assessment (CA): This family of controls addresses steps to
implement a security and assessment program. It includes controls to ensure only authorized systems are allowed on a network. It includes details on important security concepts, such as continuous monitoring and a plan of action and milestones.
Planning (PL): The PL family focuses on security plans for systems. It also covers Rules of Behaviour
for users. Rules of Behaviour are also called an acceptable use policy.
Risk Assessment (RA): This family of controls provides details on risk assessments and vulnerability
scanning.
System and Services Acquisition (SA): The SA family includes any controls related to the purchase of
products and services. It also includes controls related to software usage and user installed software.
Program Management (PM): This family is driven by the Federal Information Security Management Act
(FISMA). It provides controls to ensure compliance with FISMA. These controls complement other controls. They don't replace them.
Incorrect Answers:
B, D: Identification and authentication, and audit and accountability control are technical class of controls.
- Question List (743q)
- Question 1: When reviewing management's IT control self-assessments, a r...
- Question 2: Which of the following is MOST effective against external th...
- Question 3: The maturity of an IT risk management program is MOST influe...
- Question 4: After a risk has been identified, who is in the BEST positio...
- Question 5: Jenny is the project manager for the NBT projects. She is wo...
- Question 6: Which of the following is true for Single loss expectancy (S...
- Question 7: Which of the following controls focuses on operational effic...
- Question 8: You are the project manager for BlueWell Inc. You have notic...
- Question 9: An organization has outsourced its IT security operations to...
- Question 10: Which of the following would provide the MOST comprehensive ...
- Question 11: Management has required information security awareness train...
- Question 12: An organization has procured a managed hosting service and j...
- Question 13: Wendy is about to perform qualitative risk analysis on the i...
- Question 14: Which of the following guidelines should be followed for eff...
- Question 15: While considering entity-based risks, which dimension of the...
- Question 16: Which of the following is the MOST important objective of em...
- Question 17: You are working in an enterprise. Your enterprise is willing...
- Question 18: Which type of cloud computing deployment provides the consum...
- Question 19: Senior management is deciding whether to share confidential ...
- Question 20: A deficient control has been identified which could result i...
- Question 21: An application owner has specified the acceptable downtime i...
- Question 22: When an organization's disaster recovery plan has a reciproc...
- Question 23: A company has located its computer center on a moderate eart...
- Question 24: The FIRST step for a startup company when developing a disas...
- Question 25: Which of the following aspects of an IT risk and control sel...
- Question 26: Which of the following is the MOST important consideration w...
- Question 27: What is the PRIMARY need for effectively assessing controls?...
- Question 28: Which of the following processes is described in the stateme...
- Question 29: When a risk cannot be sufficiently mitigated through manual ...
- Question 30: You are the project manager for your organization to install...
- Question 31: What is the BEST recommendation to reduce the risk associate...
- Question 32: You are the project manager of your enterprise. While perfor...
- Question 33: Implementing which of the following controls would BEST redu...
- Question 34: Which of the following is MOST important information to revi...
- Question 35: Which of the following BEST measures the operational effecti...
- Question 36: Which of the following serve as the authorization for a proj...
- Question 37: When is the BEST to identify risk associated with major proj...
- Question 38: Which of the following is the GREATEST benefit of updating t...
- Question 39: Which of the following is true for risk evaluation?...
- Question 40: Which of the following is the BEST indicator of the effectiv...
- Question 41: FISMA requires federal agencies to protect IT systems and da...
- Question 42: In an organization dependent on data analytics to drive deci...
- Question 43: You are the product manager in your enterprise. You have ide...
- Question 44: The MOST important reason to aggregate results from multiple...
- Question 45: Which of the following are the principles of access controls...
- Question 46: Which of the following BEST indicates the risk appetite and ...
- Question 47: Reviewing results from which of the following is the BEST wa...
- Question 48: Which of the following is the BEST way to mitigate the risk ...
- Question 49: Winch of the following can be concluded by analyzing the lat...
- Question 50: Which of the following IS processes provide indirect informa...
- Question 51: Which of the following would be the BEST justification to in...
- Question 52: You work as a project manager for BlueWell Inc. You are invo...
- Question 53: Which of The following is the MOST relevant information to i...
- Question 54: Which of the following is the BEST Key control indicator KCO...
- Question 55: A risk practitioner learns that the organization s industry ...
- Question 56: Who is at the BEST authority to develop the priorities and i...
- Question 57: Which of the following assets are the examples of intangible...
- Question 58: Which of the following activities would BEST facilitate effe...
- Question 59: Which of the following is the MOST important consideration w...
- Question 60: Which of the following provides an organization with the MOS...
- Question 61: Which of the following is the BEST approach for selecting co...
- Question 62: Which of the following would be MOST helpful when communicat...
- Question 63: Reviewing historical risk events is MOST useful for which of...
- Question 64: Which of the following processes addresses the risks by thei...
- Question 65: Which of the following approaches would BEST help to identif...
- Question 66: What are the functions of audit and accountability control? ...
- Question 67: Which of the following BEST assists in justifying an investm...
- Question 68: You are the project manager for your organization to install...
- Question 69: Which of the following is the MOST important consideration w...
- Question 70: In which of the following system development life cycle (SDL...
- Question 71: Which of these documents is MOST important to request from a...
- Question 72: You are working in an enterprise. You enterprise is willing ...
- Question 73: You are working in an enterprise. You project deals with imp...
- Question 74: What type of policy would an organization use to forbid its ...
- Question 75: You are the risk professional of your enterprise. You need t...
- Question 76: Which of the following are true for threats? Each correct an...
- Question 77: Mapping open risk issues to an enterprise risk heat map BEST...
- Question 78: What can be determined from the risk scenario chart? (Exhibi...
- Question 79: Which of the following would BEST help secure online financi...
- Question 80: An organization retains footage from its data center securit...
- Question 81: Which of the following BEST describes the role of the IT ris...
- Question 82: Prudent business practice requires that risk appetite not ex...
- Question 83: Which of the following would be a risk practitioners BEST re...
- Question 84: One of the risk events you've identified is classified as fo...
- Question 85: Numerous media reports indicate a recently discovered techni...
- Question 86: You work as the project manager for Bluewell Inc. There has ...
- Question 87: Who should be responsible for implementing and maintaining s...
- Question 88: Jeff works as a Project Manager for www.company.com Inc. He ...
- Question 89: Which of the following is described by the definition given ...
- Question 90: You are the risk official of your enterprise. Your enterpris...
- Question 91: Which of the following is the MOST important reason to maint...
- Question 92: Which of the following risk responses include feedback and g...
- Question 93: Which of the following is NOT true for effective risk commun...
- Question 94: Which of the following is the MOST important reason to link ...
- Question 95: A trusted third party service provider has determined that t...
- Question 96: Which of the following is MOST important when developing ris...
- Question 97: You are the project manager of the NHH Project. You are work...
- Question 98: Which of the following is a PRIMARY benefit of engaging the ...
- Question 99: You are the Risk Official in Bluewell Inc. You have detected...
- Question 100: Which of the following is of GREATEST concern when uncontrol...
- Question 101: An organization is considering modifying its system to enabl...
- Question 102: Which of the following is MOST critical to the design of rel...
- Question 103: Which of the following is MOST important to sustainable deve...
- Question 104: Which of the following is the BEST indication of a mature or...
- Question 105: Which of the following would be an IT business owner's BEST ...
- Question 106: Which of the following BEST describes the role of the IT ris...
- Question 107: Fred is the project manager of a large project in his organi...
- Question 108: Which of the following BEST enables senior management lo com...
- Question 109: A bank has outsourced its statement printing function to an ...
- Question 110: Who should be accountable for ensuring effective cybersecuri...
- Question 111: What is the FIRST phase of IS monitoring and maintenance pro...
- Question 112: An IT risk practitioner has been asked to regularly report o...
- Question 113: The PRIMARY benefit associated with key risk indicators (KRl...
- Question 114: Which of the following practices BEST mitigates risk related...
- Question 115: In order to determining a risk is under-controlled the risk ...
- Question 116: After undertaking a risk assessment of a production system, ...
- Question 117: Which of the following establishes mandatory rules, specific...
- Question 118: An organization has recently hired a large number of part-ti...
- Question 119: What are the responsibilities of the CRO? Each correct answe...
- Question 120: Which of the following is the PRIMARY purpose of periodicall...
- Question 121: During a routine check, a system administrator identifies un...
- Question 122: Which of the following is MOST important for an organization...
- Question 123: What are the functions of audit and accountability control? ...
- Question 124: You are the project manager of the NGQQ Project for your com...
- Question 125: When communicating changes in the IT risk profile, which of ...
- Question 126: Which of the following issues should be of GREATEST concern ...
- Question 127: Which of the following criteria is MOST important when devel...
- Question 128: Which of the following is the MOST important key performance...
- Question 129: Which of the following is the BEST key performance indicator...
- Question 130: Which of the following contributes MOST to the effective imp...
- Question 131: In an organization dependent on data analytics to drive deci...
- Question 132: An organization has asked an IT risk practitioner to conduct...
- Question 133: The risk associated with data loss from a website which cont...
- Question 134: After identifying new risk events during a project, the proj...
- Question 135: A trusted third party service provider has determined that t...
- Question 136: Which of the following would BEST help to ensure that identi...
- Question 137: You are preparing to complete the quantitative risk analysis...
- Question 138: A recent vulnerability assessment of a web-facing applicatio...
- Question 139: Which of The following should be the FIRST step when a compa...
- Question 140: A risk practitioner notices a risk scenario associated with ...
- Question 141: Which of the following is a crucial component of a key risk ...
- Question 142: You work as a project manager for BlueWell Inc. You are invo...
- Question 143: An organization is considering allowing users to access comp...
- Question 144: Which of the following is the MOST important characteristic ...
- Question 145: Which of the following helps ensure compliance with a non-re...
- Question 146: Which of the following is the PRIMARY reason for an organiza...
- Question 147: Jane, the Director of Sales, contacts you and demands that y...
- Question 148: In addition to the risk register, what should a risk practit...
- Question 149: Which of the following are the responsibilities of Enterpris...
- Question 150: Which of the following would BEST facilitate the implementat...
- Question 151: Which of the following control audit is performed to assess ...
- Question 152: You are working in an enterprise. You project deals with imp...
- Question 153: Which of the following is MOST important to compare against ...
- Question 154: While reviewing a contract of a cloud services vendor, it wa...
- Question 155: Which of the following is MOST critical when designing contr...
- Question 156: You work as a project manager for BlueWell Inc. You are prep...
- Question 157: Which of the following would BEST ensure that identified ris...
- Question 158: Which of the following is the MOST appropriate action when a...
- Question 159: Which of the following is the BEST recommendation to address...
- Question 160: Which of the following risk responses include feedback and g...
- Question 161: Which of the following guidelines should be followed for eff...
- Question 162: Which of the following will BEST help to ensure key risk ind...
- Question 163: Which of the following is the BEST method for discovering hi...
- Question 164: When prioritizing risk response, management should FIRST:...
- Question 165: Which of the following is prepared by the business and serve...
- Question 166: Which of the following is the MOST important consideration w...
- Question 167: Which of the following is the PRIMARY role of a data custodi...
- Question 168: A PRIMARY function of the risk register is to provide suppor...
- Question 169: The MOST effective way to increase the likelihood that risk ...
- Question 170: Which of the following is MOST important when developing key...
- Question 171: When an organization is having new software implemented unde...
- Question 172: Which of the following is the MAIN benefit of involving stak...
- Question 173: Which of the following role carriers will decide the Key Ris...
- Question 174: Kelly is the project manager of the NNQ Project for her comp...
- Question 175: Which of the following is of GREATEST concern when uncontrol...
- Question 176: Qualitative risk assessment uses which of the following term...
- Question 177: You work as the project manager for Bluewell Inc. There has ...
- Question 178: Which of the following provides the MOST useful information ...
- Question 179: An organization is considering modifying its system to enabl...
- Question 180: You are the project manager for your company and a new chang...
- Question 181: What can be determined from the risk scenario chart? (Exhibi...
- Question 182: Which of the following is the MOST important outcome of revi...
- Question 183: You are the project manager of a large construction project....
- Question 184: Who is at the BEST authority to develop the priorities and i...
- Question 185: What are the functions of the auditor while analyzing risk? ...
- Question 186: Which of the following is the MOST effective way for a large...
- Question 187: To help ensure the success of a major IT project, it is MOST...
- Question 188: During an IT department reorganization, the manager of a ris...
- Question 189: Where are all risks and risk responses documented as the pro...
- Question 190: During a routine check, a system administrator identifies un...
- Question 191: Qualitative risk assessment uses which of the following term...
- Question 192: Which of the following is the way to verify control effectiv...
- Question 193: Out of several risk responses, which of the following risk r...
- Question 194: Which of the following test is BEST to map for confirming th...
- Question 195: When reviewing a report on the performance of control proces...
- Question 196: When updating a risk register with the results of an IT risk...
- Question 197: Adrian is a project manager for a new project using a techno...
- Question 198: Marie has identified a risk event in her project that needs ...
- Question 199: You are the project manager of GHT project. You and your tea...
- Question 200: You are the project manager of a large networking project. D...
- Question 201: Which of the following BEST indicates effective information ...
- Question 202: Which of the following is the GREATEST benefit to an organiz...
- Question 203: You are the risk official in Techmart Inc. You are asked to ...
- Question 204: Which of the following is the MAIN benefit to an organizatio...
- Question 205: Which of the following is the GREATEST benefit of analyzing ...
- Question 206: Which of the following is the GREATEST concern when using a ...
- Question 207: Which of the following is MOST important for an organization...
- Question 208: Which of the following parameters are considered for the sel...
- Question 209: David is the project manager of the HRC Project. He has iden...
- Question 210: Which of the following is a technique that provides a system...
- Question 211: An organization has completed a risk assessment of one of it...
- Question 212: When reviewing a business continuity plan (BCP), which of th...
- Question 213: Ned is the project manager of the HNN project for your compa...
- Question 214: Which of the following is the FIRST step when developing a b...
- Question 215: The BEST control to mitigate the risk associated with projec...
- Question 216: Which of the following is the MOST comprehensive resource fo...
- Question 217: To define the risk management strategy which of the followin...
- Question 218: An organization has opened a subsidiary in a foreign country...
- Question 219: The risk associated with an asset before controls are applie...
- Question 220: Which of the following statements are true for enterprise's ...
- Question 221: Which of the following roles would provide the MOST importan...
- Question 222: Which of the following is the HIGHEST risk of a policy that ...
- Question 223: Employees are repeatedly seen holding the door open for othe...
- Question 224: After a high-profile systems breach at an organization s key...
- Question 225: Which of the following statements describes the relationship...
- Question 226: Which of the following will significantly affect the standar...
- Question 227: Which of the following is true for risk evaluation?...
- Question 228: Once a risk owner has decided to implement a control to miti...
- Question 229: You are the project manager of RFT project. You have identif...
- Question 230: Which of the following provides the MOST useful information ...
- Question 231: Which of the following elements of a risk register is MOST l...
- Question 232: An IT department has organized training sessions to improve ...
- Question 233: Which of the following is MOST important for mitigating ethi...
- Question 234: Risks with low ratings of probability and impact are include...
- Question 235: An application runs a scheduled job that compiles financial ...
- Question 236: A change management process has recently been updated with n...
- Question 237: An organization has granted a vendor access to its data in o...
- Question 238: Which of the following statements are true for risk communic...
- Question 239: Which of the following criteria associated with key risk ind...
- Question 240: From a risk management perspective, the PRIMARY objective of...
- Question 241: Which of the following is the MOST important consideration w...
- Question 242: Which of the following statements BEST describes risk appeti...
- Question 243: A bank is experiencing an increasing incidence of customer i...
- Question 244: You are working in Bluewell Inc. which make advertisement We...
- Question 245: Who is at the BEST authority to develop the priorities and i...
- Question 246: Which of the following establishes mandatory rules, specific...
- Question 247: You are the project manager of GHT project. You have planned...
- Question 248: What is the PRIMARY need for effectively assessing controls?...
- Question 249: Which of the following is the MOST common concern associated...
- Question 250: Which of the following is the MOST effective way to reduce p...
- Question 251: An organization's risk practitioner learns a new third-party...
- Question 252: Which of the following would be the BEST recommendation if t...
- Question 253: Which of the following BEST balances the costs and benefits ...
- Question 254: Which among the following acts as a trigger for risk respons...
- Question 255: After recent updates to the risk register, management has re...
- Question 256: Which of the following data would be used when performing a ...
- Question 257: You are the project manager of GRT project. You discovered t...
- Question 258: A risk assessment has identified that an organization may no...
- Question 259: Which of the following is MOST helpful in aligning IT risk w...
- Question 260: Which of the following is the STRONGEST indication an organi...
- Question 261: Malicious code protection is which type control?...
- Question 262: A failed IT system upgrade project has resulted in the corru...
- Question 263: Which of the following would MOST likely drive the need to r...
- Question 264: Which of the following provides the BEST evidence that a sel...
- Question 265: Which of the following would be MOST important for a risk pr...
- Question 266: Which of the following should be the PRIMARY goal of develop...
- Question 267: Which of the following roles would provide the MOST importan...
- Question 268: Which of the following should be the PRIMARY focus of an IT ...
- Question 269: An organization uses a vendor to destroy hard drives. Which ...
- Question 270: After the review of a risk record, internal audit questioned...
- Question 271: Which of the following statements are true for enterprise's ...
- Question 272: Marie has identified a risk event in her project that needs ...
- Question 273: Which of the following is a PRIMARY benefit of engaging the ...
- Question 274: Which of the following are true for quantitative analysis? E...
- Question 275: When determining which control deficiencies are most signifi...
- Question 276: The PRIMARY benefit of maintaining an up-to-date risk regist...
- Question 277: Using which of the following one can produce comprehensive r...
- Question 278: You are the program manager for your organization and you ar...
- Question 279: Which of the following BEST enables the risk profile to serv...
- Question 280: Which of the following laws applies to organizations handlin...
- Question 281: The PRIMARY objective for selecting risk response options is...
- Question 282: You are the project manager of RFT project. You have identif...
- Question 283: The acceptance of control costs that exceed risk exposure is...
- Question 284: The BEST way to test the operational effectiveness of a data...
- Question 285: When prioritizing risk response, management should FIRST:...
- Question 286: After identifying new risk events during a project, the proj...
- Question 287: Which of the following is MOST influential when management m...
- Question 288: Which of the following is MOST important to understand when ...
- Question 289: Which of the following business requirements MOST relates to...
- Question 290: Which of the following would BEST mitigate the ongoing risk ...
- Question 291: You are the project manager of HJT project. Important confid...
- Question 292: Which of the following is the most accurate definition of a ...
- Question 293: Which of the following would present the GREATEST challenge ...
- Question 294: David is the project manager of HRC project. He concluded wh...
- Question 295: What should be the PRIMARY driver for periodically reviewing...
- Question 296: Which of the following is MOST important to understand when ...
- Question 297: Which of the following is MOST important to determine when a...
- Question 298: Who should have the authority to approve an exception to a c...
- Question 299: You work as a Project Manager for Company Inc. You have to c...
- Question 300: You are the project manager of GFT project. Your project inv...
- Question 301: Which of the following is the BEST method of creating risk a...
- Question 302: Which among the following is the MOST crucial part of risk m...
- Question 303: Which of the following is the MOST important aspect to ensur...
- Question 304: Which of the following will be MOST effective to mitigate th...
- Question 305: John is the project manager of the NHQ Project for his compa...
- Question 306: Capability maturity models are the models that are used by t...
- Question 307: Which of the following BEST facilitates the mitigation of id...
- Question 308: The PRIMARY goal of a risk management program is to:...
- Question 309: Which of the following are the principles of risk management...
- Question 310: An organization has four different projects competing for fu...
- Question 311: Which of the following will be the GREATEST concern when ass...
- Question 312: You are the project manager of GRT project. You discovered t...
- Question 313: To effectively support business decisions, an IT risk regist...
- Question 314: An organization wants to grant remote access to a system con...
- Question 315: Which of the following is the way to verify control effectiv...
- Question 316: An organization is planning to acquire a new financial syste...
- Question 317: After a high-profile systems breach at an organization s key...
- Question 318: Which of the following tools is MOST helpful when mapping IT...
- Question 319: What is the MAIN purpose of designing risk management progra...
- Question 320: Which of the following nodes of the decision tree analysis r...
- Question 321: Which of the following BEST provides an early warning that n...
- Question 322: Which of the following BEST enables a risk practitioner to u...
- Question 323: During a risk treatment plan review, a risk practitioner fin...
- Question 324: NIST SP 800-53 identifies controls in three primary classes....
- Question 325: The effectiveness of a control has decreased. What is the MO...
- Question 326: Mapping open risk issues to an enterprise risk heat map BEST...
- Question 327: Which of the following is the BEST indication of an effectiv...
- Question 328: Which of the following should be management's PRIMARY focus ...
- Question 329: You work as a project manager for BlueWell Inc. Your project...
- Question 330: What are the responsibilities of the CRO? Each correct answe...
- Question 331: Which among the following acts as a trigger for risk respons...
- Question 332: A zero-day vulnerability has been discovered in a globally u...
- Question 333: David is the project manager of the HRC Project. He has iden...
- Question 334: Which of the following is MOST helpful in identifying gaps b...
- Question 335: A maturity model is MOST useful to an organization when it:...
- Question 336: Which of the following is the BEST method to mitigate the ri...
- Question 337: Which of the following is the GREATEST benefit of identifyin...
- Question 338: An organization recently received an independent security au...
- Question 339: Which of the following would MOST effectively reduce risk as...
- Question 340: The PRIMARY reason, a risk practitioner would be interested ...
- Question 341: Which of the following is the MOST important responsibility ...
- Question 342: Which of the following is a detective control?...
- Question 343: Which of the following is the PRIMARY reason to establish ro...
- Question 344: The PRIMARY benefit of using a maturity model is that it hel...
- Question 345: Risk management strategies are PRIMARILY adopted to:...
- Question 346: The best way to test the operational effectiveness of a data...
- Question 347: An IT risk practitioner is evaluating an organization's chan...
- Question 348: The MOST important reason for implementing change control pr...
- Question 349: A risk practitioner is developing a set of bottom-up IT risk...
- Question 350: Which of the following are parts of SWOT Analysis? Each corr...
- Question 351: You are the project manager of your project. You have to ana...
- Question 352: Which of the following would be of GREATEST assistance when ...
- Question 353: Which element of an organization's risk register is MOST imp...
- Question 354: What are the functions of audit and accountability control? ...
- Question 355: John works as a project manager for BlueWell Inc. He is dete...
- Question 356: The PRIMARY reason for tracking the status of risk mitigatio...
- Question 357: John is the project manager of the HGH Project for her compa...
- Question 358: IT disaster recovery point objectives (RPOs) should be based...
- Question 359: You are the risk official of your enterprise. You have just ...
- Question 360: The MAIN purpose of selecting a risk response is to....
- Question 361: A systems interruption has been traced to a personal USB dev...
- Question 362: An organization is planning to acquire a new financial syste...
- Question 363: Which of the following would be a risk practitioner's GREATE...
- Question 364: Which of the following role carriers will decide the Key Ris...
- Question 365: Which of the following is the GREATEST benefit of incorporat...
- Question 366: You are the project manager of the GHY Project for your comp...
- Question 367: You work as a Project Manager for Company Inc. You are incor...
- Question 368: Your project is an agricultural-based project that deals wit...
- Question 369: Which of the following statements BEST describes policy?...
- Question 370: The MAIN reason for creating and maintaining a risk register...
- Question 371: You are the project manager of the HGT project in Bluewell I...
- Question 372: Which of the following control detects problem before it can...
- Question 373: Which of the following elements of a risk register is MOST l...
- Question 374: Which of the following is the BEST approach to use when crea...
- Question 375: A risk practitioner is organizing risk awareness training fo...
- Question 376: Which of the following describes the relationship between Ke...
- Question 377: Which of the following is the BEST way to confirm whether ap...
- Question 378: When of the following provides the MOST tenable evidence tha...
- Question 379: You work as the project manager for Bluewell Inc. Your proje...
- Question 380: You are the risk professional of your enterprise. Your enter...
- Question 381: Which of the following would BEST mitigate the risk associat...
- Question 382: Which of the following is the GREATEST benefit of a three li...
- Question 383: Which of the following is the BEST course of action to reduc...
- Question 384: Accountability for a particular risk is BEST represented in ...
- Question 385: Which of the following should be PRIMARILY considered while ...
- Question 386: Your project team has completed the quantitative risk analys...
- Question 387: Which of the following is the MOST important factor affectin...
- Question 388: A risk practitioner observes that the fraud detection contro...
- Question 389: Which of the following considerations should be taken into a...
- Question 390: Billy is the project manager of the HAR Project and is in mo...
- Question 391: The BEST way to determine the likelihood of a system availab...
- Question 392: Henry is the project sponsor of the JQ Project and Nancy is ...
- Question 393: The acceptance of control costs that exceed risk exposure MO...
- Question 394: The Identify Risk process determines the risks that affect t...
- Question 395: Which of the following is MOST important for a risk practiti...
- Question 396: Which of the following management action will MOST likely ch...
- Question 397: The BEST criteria when selecting a risk response is the:...
- Question 398: The PRIMARY advantage of involving end users in continuity p...
- Question 399: Which of the following are true for threats? Each correct an...
- Question 400: Which of the following BEST helps to balance the costs and b...
- Question 401: Which of the following is the FIRST step in managing the sec...
- Question 402: You work as a project manager for BlueWell Inc. You are abou...
- Question 403: You work as a project manager for BlueWell Inc. You are abou...
- Question 404: A key risk indicator (KRI) indicates a reduction in the perc...
- Question 405: Which of the following serve as the authorization for a proj...
- Question 406: Which of the following would BEST enable a risk practitioner...
- Question 407: Which of the following approaches would BEST help to identif...
- Question 408: What are the functions of audit and accountability control? ...
- Question 409: In which of the following risk management capability maturit...
- Question 410: A risk practitioner is reviewing the status of an action pla...
- Question 411: Which of the following roles would be MOST helpful in provid...
- Question 412: An organization has four different projects competing for fu...
- Question 413: What type of policy would an organization use to forbid its ...
- Question 414: John is the project manager of the HGH Project for her compa...
- Question 415: You are the project manager of GHT project. You identified a...
- Question 416: Which of the following is the MOST effective control to main...
- Question 417: Which key performance efficiency IKPI) BEST measures the eff...
- Question 418: Which of The following should be of GREATEST concern for an ...
- Question 419: Which of the following BEST indicates the condition of a ris...
- Question 420: Which of the following is a risk practitioner's BEST course ...
- Question 421: Wendy has identified a risk event in her project that has an...
- Question 422: Which of the following should be considered to ensure that r...
- Question 423: You are the project manager of GHT project. You have initiat...
- Question 424: Which of the following is the BEST way of managing risk inhe...
- Question 425: Which of the following approaches will BEST help to ensure t...
- Question 426: David is the project manager of HRC project. He concluded wh...
- Question 427: Which of the following is the MOST important enabler of effe...
- Question 428: Which of the following is NOT true for risk governance?...
- Question 429: In the project initiation phase of System Development Life C...
- Question 430: Which of the following would provide the MOST reliable evide...
- Question 431: Which of the following control is used to ensure that users ...
- Question 432: An enterprise has identified risk events in a project. While...
- Question 433: Which of the following poses the GREATEST risk to an organiz...
- Question 434: Which of the following approaches BEST identifies informatio...
- Question 435: An IT control gap has been identified in a key process. Who ...
- Question 436: A risk assessment has identified that departments have insta...
- Question 437: Which of the following is the BEST way of managing risk inhe...
- Question 438: Risks to an organization's image are referred to as what kin...
- Question 439: You are the project manager of project for a client. The cli...
- Question 440: A risk practitioner has just learned about new done FIRST?...
- Question 441: Which of the following will BEST support management reportin...
- Question 442: Which of the following is MOST important to have in place to...
- Question 443: What should be the PRIMARY objective for a risk practitioner...
- Question 444: Which of the following is the MAIN benefit of involving stak...
- Question 445: Which of the following is an acceptable method for handling ...
- Question 446: An organization practices the principle of least privilege. ...
- Question 447: A software developer has administrative access to a producti...
- Question 448: Which of the following would provide the BEST guidance when ...
- Question 449: Billy is the project manager of the HAR Project and is in mo...
- Question 450: Which of the following observations would be GREATEST concer...
- Question 451: A risk practitioner has determined that a key control does n...
- Question 452: An organization learns of a new ransomware attack affecting ...
- Question 453: Which of the following is the MOST effective inhibitor of re...
- Question 454: Which of the following vulnerability assessment software can...
- Question 455: Beth is a project team member on the JHG Project. Beth has a...
- Question 456: Which of the following actions assures management that the o...
- Question 457: Which of the following vulnerability assessment software can...
- Question 458: You are the risk official at Bluewell Inc. There are some ri...
- Question 459: Mary is a project manager in her organization. On her curren...
- Question 460: The BEST control to mitigate the risk associated with projec...
- Question 461: An organization is implementing internet of Things (loT) tec...
- Question 462: When developing IT risk scenarios, it is CRITICAL to involve...
- Question 463: You are the project manager of the PFO project. You are work...
- Question 464: A bank recently incorporated Blockchain technology with the ...
- Question 465: You are working in an enterprise. Your enterprise owned vari...
- Question 466: Which of the following documents is described in the stateme...
- Question 467: The following is the snapshot of a recently approved IT risk...
- Question 468: Which of the following risks is the risk that happen with an...
- Question 469: Which of the following IT key risk indicators (KRIs) provide...
- Question 470: A management team is on an aggressive mission to launch a ne...
- Question 471: What are the requirements for creating risk scenarios? Each ...
- Question 472: Which of the following would provide executive management wi...
- Question 473: Which of the following is the MOST important data attribute ...
- Question 474: IT risk assessments can BEST be used by management:...
- Question 475: Which of the following is the PRIMARY purpose of analyzing l...
- Question 476: Which of the following activities BEST facilitates effective...
- Question 477: Which of the following is the MOST important use of KRIs?...
- Question 478: David is the project manager of HRC project. He concluded wh...
- Question 479: When updating the risk register after a risk assessment, whi...
- Question 480: Which of the following BEST facilitates the development of e...
- Question 481: An organization's chief technology officer (CTO) has decided...
- Question 482: Senior management wants to increase investment in the organi...
- Question 483: Which of the following come under the management class of co...
- Question 484: Which of the following is the MOST important concern when as...
- Question 485: Which of the following should be the PRIMARY objective of pr...
- Question 486: An organization has operations in a location that regularly ...
- Question 487: Prior to selecting key performance indicators (KPIs), it is ...
- Question 488: The PRIMARY reason to have risk owners assigned to entries i...
- Question 489: Senior management has asked a risk practitioner to develop t...
- Question 490: You are the project manager of HFD project. You have identif...
- Question 491: Which of the following BEST enables a proactive approach to ...
- Question 492: A risk practitioner recently discovered that personal inform...
- Question 493: Which of the following is MOST important for an organization...
- Question 494: An application runs a scheduled job that compiles financial ...
- Question 495: What is the MAIN purpose of designing risk management progra...
- Question 496: What should be PRIMARILY responsible for establishing an org...
- Question 497: To help ensure the success of a major IT project, it is MOST...
- Question 498: What are the responsibilities of the CRO? Each correct answe...
- Question 499: A risk assessment indicates the residual risk associated wit...
- Question 500: You work as a project manager for Bluewell Inc. You have ide...
- Question 501: Risk appetite should be PRIMARILY driven by which of the fol...
- Question 502: When evaluating enterprise IT risk management, it is MOST im...
- Question 503: An organization's IT infrastructure is running end-of-life s...
- Question 504: You are the project manager of the NHH Project. You are work...
- Question 505: What are the MOST essential attributes of an effective Key c...
- Question 506: Which of the following role carriers is accounted for analyz...
- Question 507: Which of the following processes is described in the stateme...
- Question 508: Which of the following are the common mistakes while impleme...
- Question 509: After the review of a risk record, internal audit questioned...
- Question 510: You are the risk professional in Bluewell Inc. A risk is ide...
- Question 511: Which of the following test is BEST to map for confirming th...
- Question 512: An organization is planning to engage a cloud-based service ...
- Question 513: The only output of qualitative risk analysis is risk registe...
- Question 514: UESTION NO: The PRIMARY benefit associated with key risk ind...
- Question 515: An IT operations team implements disaster recovery controls ...
- Question 516: You are the project manager of your enterprise. You have ide...
- Question 517: Which of the following is the GREATEST risk associated with ...
- Question 518: Which of the following is the BEST way to ensure that outsou...
- Question 519: You are the project manager for BlueWell Inc. Your current p...
- Question 520: Which of the following processes is described in the stateme...
- Question 521: A web-based service provider with a low risk appetite for sy...
- Question 522: It is MOST appropriate for changes to be promoted to product...
- Question 523: An organization is considering outsourcing user administrati...
- Question 524: Which of the following provides the MOST useful information ...
- Question 525: FISMA requires federal agencies to protect IT systems and da...
- Question 526: Which of the following is MOST essential for an effective ch...
- Question 527: You work as a project manager for BlueWell Inc. Management h...
- Question 528: When developing risk scenario using a list of generic scenar...
- Question 529: An organization has engaged a third party to provide an Inte...
- Question 530: Which of the following is the GREATEST benefit to an organiz...
- Question 531: An organization has used generic risk scenarios to populate ...
- Question 532: In which of the following risk management capability maturit...
- Question 533: Which of the following is the process of numerically analyzi...
- Question 534: You are the project manager of GHT project. You and your tea...
- Question 535: Which of the following should be the PRIMARY focus of an ind...
- Question 536: Which of the following components ensures that risks are exa...
- Question 537: Which of the following observations from a third-party servi...
- Question 538: Which of the following type of risk could result in bankrupt...
- Question 539: Within the three lines of defense model, the accountability ...
- Question 540: Which of the following is the MOST critical security conside...
- Question 541: The MAIN goal of the risk analysis process is to determine t...
- Question 542: Which of the following events refer to loss of integrity? Ea...
- Question 543: Which of the following is the BEST indicator of the effectiv...
- Question 544: Which of the following are the MOST important risk component...
- Question 545: Which of the following provides the BEST evidence that risk ...
- Question 546: Which of the following is NOT true for Key Risk Indicators?...
- Question 547: Which of the following is MOST helpful in identifying loss m...
- Question 548: Which of the following is the BEST indicator of the effectiv...
- Question 549: Which of the following is the BEST way to validate the resul...
- Question 550: Which of the following is NOT true for risk management capab...
- Question 551: You are the project manager of GHT project. You are performi...
- Question 552: Which of the following control is used to ensure that users ...
- Question 553: You work as a Project Manager for Company Inc. You have to c...
- Question 554: You are the project manager for the NHH project. You are wor...
- Question 555: An organization has outsourced a critical process involving ...
- Question 556: Which of the following components of risk scenarios has the ...
- Question 557: A risk assessment has identified that an organization may no...
- Question 558: You work as a Project Manager for Company Inc. You have to c...
- Question 559: An IT license audit has revealed that there are several unli...
- Question 560: You are preparing to complete the quantitative risk analysis...
- Question 561: "Read" rights to application files in a controlled server en...
- Question 562: You are completing the qualitative risk analysis process wit...
- Question 563: Which of the following is the MOST effective way 10 identify...
- Question 564: A risk practitioner shares the results of a vulnerability as...
- Question 565: Which of the following laws applies to organizations handlin...
- Question 566: Risk aggregation in a complex organization will be MOST succ...
- Question 567: Which of the following BEST enables the identification of tr...
- Question 568: While defining the risk management strategies, what are the ...
- Question 569: Which of the following methods involves the use of predictiv...
- Question 570: An organization is considering acquiring a new line of busin...
- Question 571: The PRIMARY purpose of IT control status reporting is to:...
- Question 572: Which of the following should be the FIRST consideration whe...
- Question 573: You are the project manager of your enterprise. You have int...
- Question 574: To mitigate the risk of using a spreadsheet to analyze finan...
- Question 575: Assessing the probability and consequences of identified ris...
- Question 576: Which of the following processes is described in the stateme...
- Question 577: You are the project manager of GHT project. During the data ...
- Question 578: An organization has decided to outsource a web application, ...
- Question 579: Which of the following is the BEST way to identify changes i...
- Question 580: Which of the following would BEST help to ensure that identi...
- Question 581: During the control evaluation phase of a risk assessment, it...
- Question 582: Which of the following is an output of risk assessment proce...
- Question 583: Which of the following is the way to verify control effectiv...
- Question 584: You are working on a project in an enterprise. Some part of ...
- Question 585: Which of the following is the BEST control to detect an adva...
- Question 586: Which of the following is the FIRST step when conducting a b...
- Question 587: You have identified several risks in your project. You have ...
- Question 588: To which level the risk should be reduced to accomplish the ...
- Question 589: You are the project manager of GHT project. A risk event has...
- Question 590: Which of the following is the best reason for performing ris...
- Question 591: Jeff works as a Project Manager for www.company.com Inc. He ...
- Question 592: It is MOST important for a risk practitioner to have an awar...
- Question 593: A company has located its computer center on a moderate eart...
- Question 594: There are four inputs to the Monitoring and Controlling Proj...
- Question 595: Which of the following would be MOST useful when measuring t...
- Question 596: Vulnerabilities have been detected on an organization's syst...
- Question 597: Which of the following is the MAIN reason for analyzing risk...
- Question 598: You work as a Project Manager for Company Inc. You have to c...
- Question 599: Which of the following is the MOST important consideration w...
- Question 600: Which of the following is MOST important to understand when ...
- Question 601: Numerous media reports indicate a recently discovered techni...
- Question 602: A PRIMARY function of the risk register is to provide suppor...
- Question 603: The number of tickets to rework application code has signifi...
- Question 604: Which of the following is MOST important to the integrity of...
- Question 605: You are the project manager of a SGT project. You have been ...
- Question 606: Which of the following provides the MOST comprehensive infor...
- Question 607: Which of the following represents a vulnerability?...
- Question 608: An organization has experienced several incidents of extende...
- Question 609: Which of the following is the MOST important information to ...
- Question 610: Which of the following roles would be MOST helpful in provid...
- Question 611: You are the project manager of your enterprise. You have ide...
- Question 612: Which of the following should be a risk practitioner's NEXT ...
- Question 613: Which of The following is the BEST way to confirm whether ap...
- Question 614: Participants in a risk workshop have become focused on the f...
- Question 615: Before assigning sensitivity levels to information it is MOS...
- Question 616: You are working in Bluewell Inc. which make advertisement We...
- Question 617: Suppose you are working in Techmart Inc. which sells various...
- Question 618: The BEST key performance indicator (KPI) to measure the effe...
- Question 619: When does the Identify Risks process take place in a project...
- Question 620: You are the project manager of GHT project. Your hardware ve...
- Question 621: Your project team has completed the quantitative risk analys...
- Question 622: Which of the following is the MOST important objective of th...
- Question 623: Which of the following is true for risk management framework...
- Question 624: Who is responsible for IT security controls that are outsour...
- Question 625: Which of the following decision tree nodes have probability ...
- Question 626: You are the project manager for the NHH project. You are wor...
- Question 627: You are the risk official of your enterprise. Your enterpris...
- Question 628: Which of the following techniques would be used during a ris...
- Question 629: Which of the following presents the GREATEST challenge to ma...
- Question 630: Which of the following would qualify as a key performance in...
- Question 631: Numerous media reports indicate a recently discovered techni...
- Question 632: You are the project manager of the GHY project for your comp...
- Question 633: The PRIMARY benefit associated with key risk indicators (KRI...
- Question 634: Print jobs containing confidential information are sent to a...
- Question 635: Which of the following is a risk practitioner's BEST course ...
- Question 636: Which negative risk response usually has a contractual agree...
- Question 637: What should a risk practitioner do FIRST when vulnerability ...
- Question 638: You are the project manager for BlueWell Inc. You have notic...
- Question 639: When confirming whether implemented controls are operating e...
- Question 640: Which of the following is the GREATEST advantage of implemen...
- Question 641: An organization has outsourced its lease payment process to ...
- Question 642: The BEST metric to monitor the risk associated with changes ...
- Question 643: Which of the following are risk components of the COSO ERM f...
- Question 644: Which of the following would provide the MOST helpful input ...
- Question 645: Which of the following would BEST enable a risk-based decisi...
- Question 646: An organization maintains independent departmental risk regi...
- Question 647: An organization has used generic risk scenarios to populate ...
- Question 648: Which of the following is MOST important to review when dete...
- Question 649: Which of the following is the MOST important benefit of key ...
- Question 650: Your project is an agricultural-based project that deals wit...
- Question 651: Which of the following is MOST important when developing ris...
- Question 652: Which of the following would provide executive management wi...
- Question 653: Which of the following statements is true for risk analysis?...
- Question 654: Which of the following risk register updates is MOST importa...
- Question 655: An organization delegates its data processing to the interna...
- Question 656: Which of the following is a risk practitioner's BEST recomme...
- Question 657: Performing a background check on a new employee candidate be...
- Question 658: Which of the following is the PRIMARY reason for a risk prac...
- Question 659: An organization is considering allowing users to access comp...
- Question 660: Which of the following BEST helps to identify significant ev...
- Question 661: Which of the following come under the management class of co...
- Question 662: Which of the following is the GREATEST benefit of having a m...
- Question 663: The BEST key performance indicator (KPI) to measure the effe...
- Question 664: In response to the threat of ransomware, an organization has...
- Question 665: An organization has determined a risk scenario is outside th...
- Question 666: You are the project manager of your enterprise. While perfor...
- Question 667: Which of the following is the BEST way to identify changes t...
- Question 668: Which of the following is the MOST effective method for indi...
- Question 669: When testing the security of an IT system, il is MOST import...
- Question 670: When a risk cannot be sufficiently mitigated through manual ...
- Question 671: Which of the following is the BEST approach to use when crea...
- Question 672: Which of the following is the MOST effective method for indi...
- Question 673: An IT control gap has been identified in a key process. Who ...
- Question 674: Which of the following BEST measures the operational effecti...
- Question 675: Which of the following is the BEST course of action when an ...
- Question 676: A risk practitioner has learned that an effort to implement ...
- Question 677: As part of an overall IT risk management plan, an IT risk re...
- Question 678: A risk practitioner is assisting with the preparation of a r...
- Question 679: Which of the following decision tree nodes have probability ...
- Question 680: Which of the following role carriers has to account for coll...
- Question 681: What are the PRIMARY requirements for developing risk scenar...
- Question 682: Which of the following would provide the MOST objective asse...
- Question 683: Which of the following should be the PRIMARY basis for prior...
- Question 684: You are the IT manager in Bluewell Inc. You identify a new r...
- Question 685: Improvements in the design and implementation of a control w...
- Question 686: When developing a risk awareness training program, which of ...
- Question 687: As pan of business continuity planning, which of the followi...
- Question 688: Using key risk indicators (KRIs) to illustrate changes in th...
- Question 689: You are the risk professional of your enterprise. You need t...
- Question 690: Which of the following BEST indicates that an organization h...
- Question 691: Which of the following should be the MAIN consideration when...
- Question 692: What is the process for selecting and implementing measures ...
- Question 693: An organization maintains independent departmental risk regi...
- Question 694: Which of the following is true for risk management framework...
- Question 695: Harry is the project manager of HDW project. He has identifi...
- Question 696: Which of the following is the greatest risk to reporting?...
- Question 697: A risk practitioner has determined that a key control does n...
- Question 698: You are the project manager of GHT project. You have identif...
- Question 699: What should be PRIMARILY responsible for establishing an org...
- Question 700: The BEST key performance indicator (KPI) for monitoring adhe...
- Question 701: Which of the following would present the GREATEST challenge ...
- Question 702: Suppose you are working in Techmart Inc. which sells various...
- Question 703: Which of the following is the MOST important course of actio...
- Question 704: Of the following, who should be responsible for determining ...
- Question 705: Which of the following are parts of SWOT Analysis? Each corr...
- Question 706: A risk practitioner discovers several key documents detailin...
- Question 707: Suppose you are working in Company Inc. and you are using ri...
- Question 708: Which of the following should be the MOST important consider...
- Question 709: Mary is the project manager for the BLB project. She has ins...
- Question 710: Which of the following is the PRIMARY reason to perform peri...
- Question 711: Which of the following is true for Single loss expectancy (S...
- Question 712: Which of the following is MOST likely to cause a key risk in...
- Question 713: In an organization dependent on data analytics to drive deci...
- Question 714: Which of the following is necessary to enable an IT risk reg...
- Question 715: Which of the following are the security plans adopted by the...
- Question 716: Which of the following facilitates a completely independent ...
- Question 717: The annualized loss expectancy (ALE) method of risk analysis...
- Question 718: You are the project manager of RFT project. You have identif...
- Question 719: A risk practitioners PRIMARY focus when validating a risk re...
- Question 720: Which of the following control is used to ensure that users ...
- Question 721: Which of the following is a detective control?...
- Question 722: Which of the following is the BEST approach when a risk prac...
- Question 723: Which of the following would be of MOST concern to a risk pr...
- Question 724: A risk practitioner is reviewing a vendor contract and finds...
- Question 725: Which of the following are risk components of the COSO ERM f...
- Question 726: Which of the following is the MOST important responsibility ...
- Question 727: Which of The following would offer the MOST insight with reg...
- Question 728: Which of the following would BEST help to ensure that suspic...
- Question 729: You are the project manager of GHT project. You have applied...
- Question 730: Which of the following laws applies to organizations handlin...
- Question 731: Which of the following would be the BEST recommendation if t...
- Question 732: Which of the following is the PRIMARY objective for automati...
- Question 733: Which of the following is MOST helpful to ensure effective s...
- Question 734: Which of the following key risk indicators (KRIs) is MOST ef...
- Question 735: The PRIMARY reason for periodic penetration testing of Inter...
- Question 736: What are the requirements of effectively communicating risk ...
- Question 737: Which of the following should be considered to ensure that r...
- Question 738: Which of the following aspect of monitoring tool ensures tha...
- Question 739: Which of the following is the BEST key performance indicator...
- Question 740: Which of the following will BEST mitigate the risk associate...
- Question 741: Which of the following is the greatest risk to reporting?...
- Question 742: Which of the following risks is associated with not receivin...
- Question 743: Which of the following should be management's PRIMARY consid...
