- (Exam Topic 3)
Which of the following will BEST support management reporting on risk?

1. A. Control self-assessment (CSA)
2. B. Risk policy requirements
3. C. A risk register
4. D. Key performance indicators (KPIs)

Correct Answer: C

- (Exam Topic 3)
Which of the following should be the MOST important consideration when performing a vendor risk assessment?

1. A. Results of the last risk assessment of the vendor
2. B. Inherent risk of the business process supported by the vendor
3. C. Risk tolerance of the vendor
4. D. Length of time since the last risk assessment of the vendor

Correct Answer: B

- (Exam Topic 2)
A risk practitioner learns that the organization s industry is experiencing a trend of rising security incidents. Which of the following is the BEST course of action?

1. A. Evaluate the relevance of the evolving threats.
2. B. Review past internal audit results.
3. C. Respond to organizational security threats.
4. D. Research industry published studies.

Correct Answer: A

- (Exam Topic 3)
Which of the following approaches would BEST help to identify relevant risk scenarios?

1. A. Engage line management in risk assessment workshops.
2. B. Escalate the situation to risk leadership.
3. C. Engage internal audit for risk assessment workshops.
4. D. Review system and process documentation.

Correct Answer: A

- (Exam Topic 1)
Who is the MOST appropriate owner for newly identified IT risk?

1. A. The manager responsible for IT operations that will support the risk mitigation efforts
2. B. The individual with authority to commit organizational resources to mitigate the risk
3. C. A project manager capable of prioritizing the risk remediation efforts
4. D. The individual with the most IT risk-related subject matter knowledge

Correct Answer: B