IT Risk Fundamentals exam

Which of the following is MOST likely to promote ethical and open communication of risk management activities at the executive level?A . Recommending risk tolerance levels to the businessB . Expressing risk results in financial termsC . Increasing the frequency of risk status reportsView AnswerAnswer: B Explanation: Expressing risk results...

An enterprise’s risk policy should be aligned with its:A . current risk.B . risk capacity.C . risk appetite.View AnswerAnswer: C Explanation: An enterprise’s risk policy should be aligned with its risk appetite, which defines the amount and type of risk the organization is willing to accept in pursuit of its...

Which of the following is the MAIN objective of governance?A . Creating controls throughout the entire organizationB . Creating risk awareness at all levels of the organizationC . Creating value through investments for the organizationView AnswerAnswer: C Explanation: Governance is primarily concerned with ensuring that an organization achieves its objectives,...

Which of the following are control conditions that exist in IT systems and may be exploited by an attacker?A . Cybersecurity risk scenariosB . VulnerabilitiesC . ThreatsView AnswerAnswer: B Explanation: Control conditions that exist in IT systems and may be exploited by an attacker are known as vulnerabilities. Here's the...

Which of the following is the BEST reason for an enterprise to avoid an absolute prohibition on risk?A . It may not be understood by executive management.B . It may lead to ineffective use of resources.C . It may not provide adequate support for budget increases.View AnswerAnswer: B Explanation: An...

Which of the following is considered an exploit event?A . An attacker takes advantage of a vulnerabilityB . Any event that is verified as a security breachC . The actual occurrence of an adverse eventView AnswerAnswer: A Explanation: Ein Exploit-Ereignis tritt auf, wenn ein Angreifer eine Schwachstelle ausnutzt, um unbefugten...

Publishing l&T risk-related policies and procedures BEST enables an enterprise to:A . set the overall expectations for risk management.B . hold management accountable for risk loss events.C . ensure regulatory compliance and adherence to risk standards.View AnswerAnswer: A Explanation: Publishing IT risk-related policies and procedures sets the overall expectations for...

Which of the following is the PRIMARY outcome of a risk scoping activity?A . Identification of major risk factors to be benchmarked against industry competitorsB . Identification of potential high-impact risk areas throughout the enterpriseC . Identification of risk scenarios related to emerging technologiesView AnswerAnswer: B Explanation: Risk scoping is...

What is the basis for determining the sensitivity of an IT asset?A . Potential damage to the business due to unauthorized disclosureB . Cost to replace the asset if lost, damaged, or deemed obsoleteC . Importance of the asset to the businessView AnswerAnswer: A Explanation: The sensitivity of an IT...

Which of the following is the BEST indication of a good risk culture?A . The enterprise learns from negative outcomes and treats the root cause.B . The enterprise enables discussions of risk and facts within the risk management functions.C . The enterprise places a strong emphasis on the positive and...