Some new sample questions:
Question:
Which of the following is the MOST important course of action to foster an ethical, risk-aware culture?
A. Implement a fraud detection and prevention framework.
B. Ensure the alignment of the organization’s policies and standards to the defined risk appetite.
C. Establish an enterprise-wide ethics training and awareness program.
D. Perform a comprehensive review of all applicable legislative frameworks and requirements.
Question:
An organization has updated its acceptable use policy to mitigate the risk of employees disclosing confidential information. Which of the following is the BEST way to reinforce the effectiveness of this policy?
A. Communicate sanctions for policy violations to all staff.
B. Obtain signed acceptance of the new policy from employees.
C. Train all staff on relevant information security best practices.
D. Implement data loss prevention (DLP) within the corporate network.
Question:
Which of the following is MOST important to review when evaluating the ongoing effectiveness of the IT risk register?
A. The costs associated with mitigation options
B. The status of identified risk scenarios
C. The cost-benefit analysis of each risk response
D. The timeframes for risk response actions
Question:
An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner’s FIRST course of action?
A. Determine whether the impact is outside the risk appetite.
B. Request a formal acceptance of risk from senior management.
C. Report the ineffective control for inclusion in the next audit report.
D. Deploy a compensating control to address the identified deficiencies.
Question:
Which of the following will MOST likely change as a result of the decrease in risk appetite due to a new privacy regulation?
A. Key risk indicator (KRI) thresholds
B. Risk trends
C. Key performance indicators (KPIs)
D. Risk objectives
……………