IT Risk Fundamentals exam

Which of the following is the BEST indication of a good risk culture?A . The enterprise learns from negative outcomes and treats the root cause.B . The enterprise enables discussions of risk and facts within the risk management functions.C . The enterprise places a strong emphasis on the positive and...

Which of the following is the GREATEST benefit of effective asset valuation?A . It protects the enterprise from paying more for protection than the net worth of the asset.B . It assures that asset valuation is consistently applied to all assets across the enterprise.C . It ensures assets are linked...

Which of the following is the BEST way to interpret enterprise standards?A . A means of implementing policyB . An approved code of practiceC . Documented high-level principlesView AnswerAnswer: A Explanation: Unternehmensstandards dienen als Mittel zur Umsetzung von Richtlinien. Sie legen spezifische Anforderungen und Verfahren fest, die sicherstellen, dass die...

Which type of assessment evaluates the changes in technical or operating environments that could result in adverse consequences to an enterprise?A . Vulnerability assessmentB . Threat assessmentC . Control self-assessmentView AnswerAnswer: B Explanation: A Threat Assessment evaluates changes in the technical or operating environments that could result in adverse consequences...

One of the PRIMARY purposes of threat intelligence is to understand:A . zero-day threats.B . breach likelihood.C . asset vulnerabilities.View AnswerAnswer: B Explanation: One of the PRIMARY purposes of threat intelligence is to understand breach likelihood. Threat intelligence involves gathering, analyzing, and interpreting data about potential or existing threats to...

Which of the following represents a vulnerability associated with legacy systems using older technology?A . Lost opportunity to capitalize on emerging technologiesB . Rising costs associated with system maintenanceC . Inability to patch or apply system updatesView AnswerAnswer: C Explanation: Legacy systems using older technology often suffer from the inability...

Which of the following is MOST likely to expose an organization to adverse threats?A . Complex enterprise architectureB . Improperly configured network devicesC . Incomplete cybersecurity training recordsView AnswerAnswer: B Explanation: The MOST likely factor to expose an organization to adverse threats is improperly configured network devices. Here’s why: Complex...

Potential losses resulting from employee errors and system failures are examples of:A . operational risk.B . market risk.C . strategic risk.View AnswerAnswer: A Explanation: Operationelle Risiken umfassen Verluste, die durch unzureichende oder fehlgeschlagene interne Prozesse, Personen und Systeme oder durch externe Ereignisse verursacht werden. Mitarbeiterfehler und Systemausfälle sind typische Beispiele...

Which of the following MUST be established in order to manage l&T-related risk throughout the enterprise?A . An enterprise risk governance committeeB . The enterprise risk universeC . Industry best practices for risk managementView AnswerAnswer: A Explanation: To manage IT-related risk throughout the enterprise, it is crucial to establish an...

Which of the following is the PRIMARY concern with vulnerability assessments?A . Threat mitigationB . Report sizeC . False positivesView AnswerAnswer: C Explanation: The primary concern with vulnerability assessments is the presence of false positives. Here's why: Threat Mitigation: While vulnerability assessments help in identifying potential vulnerabilities that need to...