Question 1

The status of IT-related risk should to be communicated to the relevant stakeholders and:

Options :

A : Express risk in a manner that is useful to support business decisions.

B : Never updated

C : Should focus on best-case and least-probable scenarios.

D : Be as concise as possible and as such exclude probabilities of gain and loss.

Answer: A

Question 2

What should be documented in a comprehensive risk assessment report?

Options :

A : Internal factors only

B : Risk response information only

C : Assumptions and unknown factors

D : External factors only

Answer: C

Question 3

What category of control is represented by employing a firewall to obstruct traffic on ports linked to malicious tools?

Options :

A : Detective

B : Preventive

C : Compensating

D : Corrective

Answer: B

Question 4

Who ensures the involvement of the board in major decisions in an enterprise?

Options :

A : CEO

B : CFO

C : Executive committee

D : COO

Answer: C

Question 5

What determines the suitability of risk analysis approaches?

Options :

A : Culture, resources, skills, environment, and risk appetite

B : Potential consequences of a given risk scenario

C : Criticality and sensitivity of IT assets

D : Frequency and magnitude of a given risk scenario

Answer: A