- (Exam Topic 1)
Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

1. A. Login attempts are reconciled to a list of terminated employees.
2. B. A list of terminated employees is generated for reconciliation against current IT access.
3. C. A process to remove employee access during the exit interview is implemented.
4. D. The human resources (HR) system automatically revokes system access.

Correct Answer: D

- (Exam Topic 3)
A risk practitioner has received an updated enterprise risk management (ERM) report showing that residual risk is now within the organization's defined appetite and tolerance levels. Which of the following is the risk practitioner's BEST course of action?

1. A. Identify new risk entries to include in ERM.
2. B. Remove the risk entries from the ERM register.
3. C. Re-perform the risk assessment to confirm results.
4. D. Verify the adequacy of risk monitoring plans.

Correct Answer: D

- (Exam Topic 2)
Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?

1. A. Enhance the security awareness program.
2. B. Increase the frequency of incident reporting.
3. C. Purchase cyber insurance from a third party.
4. D. Conduct a control assessment.

Correct Answer: D

- (Exam Topic 1)
Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

1. A. Performing a benchmark analysis and evaluating gaps
2. B. Conducting risk assessments and implementing controls
3. C. Communicating components of risk and their acceptable levels
4. D. Participating in peer reviews and implementing best practices

Correct Answer: C

- (Exam Topic 2)
An organization with a large number of applications wants to establish a security risk assessment program. Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

1. A. Feedback from end users
2. B. Results of a benchmark analysis
3. C. Recommendations from internal audit
4. D. Prioritization from business owners

Correct Answer: D