- (Exam Topic 2)
The implementation of a risk treatment plan will exceed the resources originally allocated for the risk response. Which of the following should be the risk owner's NEXT action?

1. A. Perform a risk assessment.
2. B. Accept the risk of not implementing.
3. C. Escalate to senior management.
4. D. Update the implementation plan.

Correct Answer: C

- (Exam Topic 2)
Which of the following is the BEST indicator of the effectiveness of a control monitoring program?

1. A. Time between control failure and failure detection
2. B. Number of key controls as a percentage of total control count
3. C. Time spent on internal control assessment reviews
4. D. Number of internal control failures within the measurement period

Correct Answer: A

- (Exam Topic 1)
The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager s BEST approach to this request before sharing the register?

1. A. Escalate to senior management
2. B. Require a nondisclosure agreement.
3. C. Sanitize portions of the register
4. D. Determine the purpose of the request

Correct Answer: D

- (Exam Topic 1)
Which of the following is the BEST method for assessing control effectiveness?

1. A. Ad hoc control reporting
2. B. Control self-assessment
3. C. Continuous monitoring
4. D. Predictive analytics

Correct Answer: C

- (Exam Topic 4)
An organization has been experiencing an increasing number of spear phishing attacks Which of the following would be the MOST effective way to mitigate the risk associated with these attacks?

1. A. Update firewall configuration
2. B. Require strong password complexity
3. C. implement a security awareness program
4. D. Implement two-factor authentication

Correct Answer: A