- All Exams Instant Download
Which of the following is an example of an inductive method to gather information?
Which of the following is an example of an inductive method to gather information?A . Vulnerability analysisB . Controls gap analysisC . Penetration testingView AnswerAnswer: C Explanation: Penetration testing is an example of an inductive method to gather information. Here's why: Vulnerability Analysis: This typically involves a deductive approach where...
Which of the following is the BEST way to minimize potential attack vectors on the enterprise network?
Which of the following is the BEST way to minimize potential attack vectors on the enterprise network?A . Implement network log monitoring.B . Disable any unneeded ports.C . Provide annual cybersecurity awareness training.View AnswerAnswer: B Explanation: The best way to minimize potential attack vectors on the enterprise network is to...
To establish an enterprise risk appetite, an organization should:
To establish an enterprise risk appetite, an organization should:A . normalize risk taxonomy across the organization.B . aggregate risk statements for all lines of business.C . establish risk tolerance for each business unit.View AnswerAnswer: C Explanation: To establish an enterprise risk appetite, it is essential for an organization to establish...
What is the purpose of a control objective?
What is the purpose of a control objective?A . To describe the result of protecting an asset for a business processB . To describe the risk of loss to an assetC . To describe the responsibility of stakeholders to protect assetsView AnswerAnswer: A Explanation: A control objective is a specific...
In the context of enterprise risk management (ERM), what is the overall role of l&T risk management stakeholders?
In the context of enterprise risk management (ERM), what is the overall role of l&T risk management stakeholders?A . Stakeholders set direction and provide support for risk management practices.B . Stakeholders are accountable for all risk management activities within an enterprise.C . Stakeholders are responsible for protecting enterprise assets to...
Which of the following would be considered a cyber-risk?
Which of the following would be considered a cyber-risk?A . A system that does not meet the needs of usersB . A change in security technologyC . Unauthorized use of informationView AnswerAnswer: C Explanation: Cyber-Risiken betreffen Bedrohungen und Schwachstellen in IT-Systemen, die durch unbefugten Zugriff oder Missbrauch von Informationen entstehen....
