Risk maps can help to develop common profiles in order to identify which of the following?

Risk response activities that can be made more efficient

Risk that has clearly identified and assigned ownership

Risk remediation activities that have sufficient budget

Risk response activities that can be made more efficient

Which of the following is MOST important for the determination of I&T-related risk?

The impact on the business services that the IT system supports

The likelihood of occurrence for most relevant risk scenarios

The impact on competitors in the same industry

What is the PRIMARY benefit of using generic technology terms in IT risk assessment reports to management?

Clarity on the proper interpretation of reported risk

Simplicity in translating risk reports into other languages

Clarity on the proper interpretation of reported risk

Ease of promoting risk awareness with key stakeholders

Which of the following is the MAIN reason to include previously overlooked risk in a risk report?

Assurance is needed that the risk dashboard is complete and comprehensive.

Overlooked or ignored risk may become relevant in the future.

The risk report must contain the current state of all risk.

Which of the following is the BEST control to prevent unauthorized user access in a remote work environment?

Monthly user access recertification

Which of the following is an example of a preventive control?

Data management checks on sensitive data processing procedures

File integrity monitoring (FIM) on personal database stores

Air conditioning systems with excess capacity to permit failure of certain components

Data management checks on sensitive data processing procedures

The PRIMARY reason for the implementation of additional security controls is to:

manage risk to acceptable tolerance levels.

avoid the risk of regulatory noncompliance.

adhere to local data protection laws.

manage risk to acceptable tolerance levels.

An enterprise has performed a risk assessment for the risk associated with the theft of sales team laptops while in transit. The results of the assessment concluded that the cost of mitigating the risk is higher than the potential loss. Which of the following is the BEST risk response strategy?

Encrypt the sales team laptops.

What is the FIRST step in the risk response process?

Prioritize responses based on impact.

Which of the following would have the MOST impact on the accuracy and appropriateness of plans associated with business continuity and disaster recovery?

Changes to the business impact assessment (BIA)

Material updates to the incident response plan

Data backups being moved to the cloud

Changes to the business impact assessment (BIA)

A business continuity plan (BCP) is:

a risk-related document that focuses on business impact assessments (BIAs).

a methodical plan detailing the steps of incident response activities.

a document of controls that reduce the risk of losing critical processes.

a risk-related document that focuses on business impact assessments (BIAs).

Which of the following occurs earliest in the risk response process?

Analyzing risk response options

Which of the following is MOST important to include when developing a business case for a specific risk response?

A justification for the expense of the investment

Stakeholders responsible for the risk response plan

Communication and status reporting of the related risk

A justification for the expense of the investment

Risk monitoring is MOST effective when it is conducted:

throughout the risk treatment planning process.

following changes to the business's environment.

before and after completing the risk treatment plan.

throughout the risk treatment planning process.

Which of the following is a valid source or basis for selecting key risk indicators (KRIs)?

Historical enterprise risk metrics

External threat reporting services

When selecting a key risk indicator (KRI), it is MOST important that the KRI:

is a reliable predictor of the risk event.

produces multiple and varied results.

is a reliable predictor of the risk event.

The MOST important reason for developing and monitoring key risk indicators (KRIs) is that they provide:

an early warning of possible risk materialization.

measurable metrics for acceptable risk levels.

information about control compliance.

an early warning of possible risk materialization.

A key risk indicator (KRI) is PRIMARILY used for which of the following purposes?

Facilitating dashboard reporting

Which of the following is the MOST important aspect of key performance indicators (KPIs)?

KPIs identify underperforming assets that may impact the achievement of operational goals.

KPIs provide inputs for monitoring the usage of IT assets to determine return on investment (ROI).

KPIs aid management in monitoring the organization's IT infrastructure capacity.

Which of the following is the PRIMARY reason for an organization to monitor and review l&T-related risk periodically?

To address changes in external and internal risk factors

To ensure risk is managed within acceptable limits

To facilitate the timely identification and replacement of legacy IT assets

As part of the control monitoring process, frequent control exceptions are MOST likely to indicate:

misalignment with business priorities.

excessive costs associated with use of a control.

misalignment with business priorities.

high risk appetite throughout the enterprise.

Organizations monitor control statuses to provide assurance that:

compliance with established standards is achieved.

risk events are being fully mitigated.

return on investment (ROI) objectives are met.

The MOST important reason to monitor implemented controls is to ensure the controls:

are effective and manage risk to the desired level.

enable IT operations to meet agreed service levels.

mitigate risk associated with regulatory noncompliance.

Which of the following statements on an organization's cybersecurity profile is BEST suited for presentation to management?

Security measures are configured to minimize the risk of a cyber attack.

The probability of a cyber attack varies between unlikely and very likely.

Risk management believes the likelihood of a cyber attack is not imminent.

Security measures are configured to minimize the risk of a cyber attack.

Isaca IT Risk Fundamentals Practice Test 2 - Free Online Exam Prep & Questions

When analyzing l&T-related risk, an enterprise defines likelihood and impact on a scale from 1 to 5, and the scale of impact also defines a range expressed in monetary terms. Which of the following risk analysis approaches has been adopted?

Become a Premium Member for full access

Unlock Premium Member

Isaca IT Risk Fundamentals Practice Test 2

Question

Isaca IT Risk Fundamentals Practice Tests

Practice Tests