Question 1

A multinational corporation is facing risks associated with data breaches across its global offices. The risk manager is tasked with establishing effective internal and external communication channels to address these risks. What approach should be prioritized for internal communication within the organization?

Options :

A : Sending a standardized email to all employees globally without customization.

B : Limiting risk communication to the IT department to reduce complexity.

C : Utilizing external media channels for all communications to ensure broad coverage.

D : Developing tailored communication strategies for different regions and departments based on their specific risk profiles and needs.

Answer: D

Question 2

A manufacturing company identifies a high risk of equipment failure. After applying maintenance and monitoring controls, the risk is reassessed. What type of risk rating does this reassessment represent?

Options :

A : Transferred risk, as it considers the outsourcing of equipment maintenance.

B : Residual risk, as it reflects the risk level after applying controls.

C : Target risk, as it indicates the risk level the company aims for.

D : Inherent risk, as it is the initial risk level.

Answer: B

Question 3

An e-commerce company is establishing risk acceptance criteria. What is an important factor to consider when defining these criteria?

Options :

A : Copying risk acceptance criteria from a different industry without modification.

B : Defining criteria based on the company-s risk appetite and the potential impact on its online business operations.

C : Setting criteria that accept all risks to expedite the decision-making process.

D : Basing criteria solely on the personal preferences of the risk manager.

Answer: B

Question 4

An educational institution is implementing MEHARI to assess risks to its learning management system (LMS). The team is in the process of risk treatment decision-making. What approach should be taken in this stage according to MEHARI, and why is it important for the institution's risk management?

Options :

A : Automatically opting for the most advanced technological solutions for all identified risks.

B : Choosing risk treatment options by considering their effectiveness in reducing risk levels and their alignment with the institution-s objectives and risk appetite.

C : Selecting risk treatment options based solely on their cost-effectiveness.

D : Delegating risk treatment decisions to the LMS vendor without internal analysis.

Answer: B

Question 5

A financial institution is updating its risk management framework in response to emerging cyber threats. The risk manager is tasked with documenting the results of the updated risk assessment. What should be the focus of this documentation to enhance its usefulness for ongoing risk management?

Options :

A : Detailed financial statements of the institution.

B : Current cyber threat landscape, identified risks, risk ratings, and recommended controls.

C : Biographies of the risk management team members.

D : Marketing strategies for promoting the institution-s cybersecurity measures.

Answer: B