IT-RISK-FUNDAMENTALS Exam Details

  • Exam Code: IT-RISK-FUNDAMENTALS
  • Exam Name: IT Risk Fundamentals Certificate
  • Certification: Isaca Certifications
  • Vendor: Isaca
  • Total Questions: 118 Q&As
  • Last Updated: May 26, 2026

Isaca IT-RISK-FUNDAMENTALS Online Questions & Answers

  • Question 81:

    In the context of enterprise risk management (ERM), what is the overall role of I&T risk management stakeholders?

    A. Stakeholders set direction and provide support for risk management practices.
    B. Stakeholders are accountable for all risk management activities within an enterprise.
    C. Stakeholders are responsible for protecting enterprise assets to achieve business objectives.

  • Question 82:

    Which of the following is of GREATEST concern when aggregating risk information in management reports?

    A. Duplicating details of risk status
    B. Obfuscating the reasons behind risk
    C. Generalizing acceptable risk levels

  • Question 83:

    Which of the following is the GREATEST benefit of effective asset valuation?

    A. It protects the enterprise from paying more for protection than the net worth of the asset.
    B. It assures that asset valuation is consistently applied to all assets across the enterprise.
    C. It ensures assets are linked to processes and classified based on business value.

  • Question 84:

    A risk practitioner has been tasked with analyzing new risk events added to the risk register. Which of the following analysis methods would BEST enable the risk practitioner to minimize ambiguity and subjectivity?

    A. Annual loss expectancy (ALE)
    B. Delphi method
    C. Brainstorming

  • Question 85:

    Which of the following includes potential risk events and the associated impact?

    A. Risk scenario
    B. Risk policy
    C. Risk profile

  • Question 86:

    An enterprise that uses a two-factor authentication login method for accessing sensitive data has implemented which type of control?

    A. Preventive
    B. Corrective
    C. Detective

  • Question 87:

    An enterprise recently implemented multi-factor authentication. During the most recent risk assessment, it was determined that cybersecurity risk is within the organization's risk appetite threshold. What is the MOST appropriate action for the organization to take regarding the remaining cybersecurity residual risk?

    A. Accept
    B. Mitigate
    C. Transfer

  • Question 88:

    As part of the control monitoring process, frequent control exceptions are MOST likely to indicate:

    A. excessive costs associated with use of a control.
    B. misalignment with business priorities.
    C. high risk appetite throughout the enterprise.

  • Question 89:

    What is the basis for determining the sensitivity of an IT asset?

    A. Potential damage to the business due to unauthorized disclosure
    B. Cost to replace the asset if lost, damaged, or deemed obsolete
    C. Importance of the asset to the business

  • Question 90:

    The PRIMARY reason for the implementation of additional security controls is to:

    A. avoid the risk of regulatory noncompliance.
    B. adhere to local data protection laws.
    C. manage risk to acceptable tolerance levels.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your IT-RISK-FUNDAMENTALS exam preparation or your Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions.