Question 1

A government agency is conducting a risk analysis for its public-facing website. What approach should be taken to determine the likelihood and consequences of a website defacement attack?

Options :

A : Analyzing the number of website visitors and the potential for increased traffic following a defacement incident.

B : Assessing the technical complexity of the website and the cost of potential reputational damage.

C : Considering the frequency of website updates and the financial implications of restoring the website.

D : Evaluating the website-s security measures and the impact of defacement on public trust and service availability.

Answer: D

Question 2

A multinational corporation is looking to maintain the agility of its information security risk management program in a rapidly changing global business environment. The risk manager is selecting tools to support this goal. Which tool would best support the agility of the risk management program?

Options :

A : A set of predefined, unchangeable risk management templates.

B : An internal survey tool used once every few years.

C : A static annual risk report.

D : A project management tool that integrates risk management activities with overall business processes.

Answer: D

Question 3

A company's main website is hosted on an external cloud server. In terms of primary and supporting assets, how should the website and the cloud server be classified?

Options :

A : The cloud server as a primary asset; the website as a supporting asset.

B : Both the website and the cloud server as supporting assets.

C : Both the website and the cloud server as primary assets.

D : The website as a primary asset; the cloud server as a supporting asset.

Answer: D

Question 4

An e-commerce company has identified risks related to customer data privacy. As part of the risk treatment plan, the risk manager has recommended encrypting sensitive customer data. What factor is crucial for the successful implementation of this corrective action?

Options :

A : The impact of data encryption on system performance and the balance between security and usability.

B : Implementing data encryption as a one-time activity without future reviews or updates.

C : The encryption method-s popularity among other e-commerce companies.

D : Choosing encryption software based solely on the lowest cost option.

Answer: A

Question 5

A multinational corporation is facing risks associated with data breaches across its global offices. The risk manager is tasked with establishing effective internal and external communication channels to address these risks. What approach should be prioritized for internal communication within the organization?

Options :

A : Sending a standardized email to all employees globally without customization.

B : Limiting risk communication to the IT department to reduce complexity.

C : Utilizing external media channels for all communications to ensure broad coverage.

D : Developing tailored communication strategies for different regions and departments based on their specific risk profiles and needs.

Answer: D