- (Exam Topic 1)
Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

1. A. Risk tolerance is decreased.
2. B. Residual risk is increased.
3. C. Inherent risk is increased.
4. D. Risk appetite is decreased

Correct Answer: D

- (Exam Topic 3)
Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?

1. A. Regulatory compliance
2. B. Risk ownership
3. C. Best practices
4. D. Desired risk level

Correct Answer: D

- (Exam Topic 2)
Which of the following should be the MAIN consideration when validating an organization's risk appetite?

1. A. Comparison against regulations
2. B. Maturity of the risk culture
3. C. Capacity to withstand loss
4. D. Cost of risk mitigation options

Correct Answer: B

- (Exam Topic 2)
Which of the following is the BEST method for identifying vulnerabilities?

1. A. Batch job failure monitoring
2. B. Periodic network scanning
3. C. Annual penetration testing
4. D. Risk assessments

Correct Answer: C

- (Exam Topic 3)
Which of the following facilitates a completely independent review of test results for evaluating control effectiveness?

1. A. Segregation of duties
2. B. Three lines of defense
3. C. Compliance review
4. D. Quality assurance review

Correct Answer: B