- All Exams Instant Download
Potential losses resulting from employee errors and system failures are examples of:
Potential losses resulting from employee errors and system failures are examples of:A . operational risk.B . market risk.C . strategic risk.View AnswerAnswer: A Explanation: Operationelle Risiken umfassen Verluste, die durch unzureichende oder fehlgeschlagene interne Prozesse, Personen und Systeme oder durch externe Ereignisse verursacht werden. Mitarbeiterfehler und Systemausfälle sind typische Beispiele...
Which of the following MUST be established in order to manage l&T-related risk throughout the enterprise?
Which of the following MUST be established in order to manage l&T-related risk throughout the enterprise?A . An enterprise risk governance committeeB . The enterprise risk universeC . Industry best practices for risk managementView AnswerAnswer: A Explanation: To manage IT-related risk throughout the enterprise, it is crucial to establish an...
Which of the following is the PRIMARY concern with vulnerability assessments?
Which of the following is the PRIMARY concern with vulnerability assessments?A . Threat mitigationB . Report sizeC . False positivesView AnswerAnswer: C Explanation: The primary concern with vulnerability assessments is the presence of false positives. Here's why: Threat Mitigation: While vulnerability assessments help in identifying potential vulnerabilities that need to...
Which of the following is an example of an inductive method to gather information?
Which of the following is an example of an inductive method to gather information?A . Vulnerability analysisB . Controls gap analysisC . Penetration testingView AnswerAnswer: C Explanation: Penetration testing is an example of an inductive method to gather information. Here's why: Vulnerability Analysis: This typically involves a deductive approach where...
Which of the following is the BEST way to minimize potential attack vectors on the enterprise network?
Which of the following is the BEST way to minimize potential attack vectors on the enterprise network?A . Implement network log monitoring.B . Disable any unneeded ports.C . Provide annual cybersecurity awareness training.View AnswerAnswer: B Explanation: The best way to minimize potential attack vectors on the enterprise network is to...
To establish an enterprise risk appetite, an organization should:
To establish an enterprise risk appetite, an organization should:A . normalize risk taxonomy across the organization.B . aggregate risk statements for all lines of business.C . establish risk tolerance for each business unit.View AnswerAnswer: C Explanation: To establish an enterprise risk appetite, it is essential for an organization to establish...
What is the purpose of a control objective?
What is the purpose of a control objective?A . To describe the result of protecting an asset for a business processB . To describe the risk of loss to an assetC . To describe the responsibility of stakeholders to protect assetsView AnswerAnswer: A Explanation: A control objective is a specific...
In the context of enterprise risk management (ERM), what is the overall role of l&T risk management stakeholders?
In the context of enterprise risk management (ERM), what is the overall role of l&T risk management stakeholders?A . Stakeholders set direction and provide support for risk management practices.B . Stakeholders are accountable for all risk management activities within an enterprise.C . Stakeholders are responsible for protecting enterprise assets to...
Which of the following would be considered a cyber-risk?
Which of the following would be considered a cyber-risk?A . A system that does not meet the needs of usersB . A change in security technologyC . Unauthorized use of informationView AnswerAnswer: C Explanation: Cyber-Risiken betreffen Bedrohungen und Schwachstellen in IT-Systemen, die durch unbefugten Zugriff oder Missbrauch von Informationen entstehen....
