Question 1

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options :

A : Granting access to information based on information architecture

B : Engaging an audit of logical access controls and related security policies

C : Implementing multi-factor authentication controls

D : Authenticating access to information assets based on roles or business rules

Answer: A

Question 2

After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?

Options :

A : Continuous testing of disaster recovery capabilities with implementation of lessons learned

B : Increased training and monitoring for disaster recovery personnel who perform below expectations

C : Annual review and updates to the disaster recovery plan (DRP)

D : Increased outsourcing of disaster recovery capabilities to ensure reliability

Answer: A

Question 3

Which of the following is the GREATEST benefit of using a quantitative risk assessment method?

Options :

A : It uses resources more efficiently

B : It can be used to assess risks against non-tangible assets

C : It reduces subjectivity

D : It helps in prioritizing risk response action plans

Answer: C

Question 4

Within a governance structure for risk management, which of the following activities should be performed by the second line of defense?

Options :

A : Conducting internal and external audits

B : Implementing controls to manage risk

C : Monitoring risk and controls

D : Identifying and assessing risk

Answer: C

Question 5

The MOST appropriate method for evaluating the capability of IT governance is through the use of:

Options :

A : a maturity assessment.

B : benchmarking.

C : a cost-benefit analysis.

D : a risk assessment.

Answer: A