- (Exam Topic 1)
Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?

1. A. Percentage of systems included in recovery processes
2. B. Number of key systems hosted
3. C. Average response time to resolve system incidents
4. D. Percentage of system availability

Correct Answer: C

- (Exam Topic 3)
Which of the following is the GREATEST benefit of identifying appropriate risk owners?

1. A. Accountability is established for risk treatment decisions
2. B. Stakeholders are consulted about risk treatment options
3. C. Risk owners are informed of risk treatment options
4. D. Responsibility is established for risk treatment decisions.

Correct Answer: A

- (Exam Topic 2)
When communicating changes in the IT risk profile, which of the following should be included to BEST enable stakeholder decision making?

1. A. List of recent incidents affecting industry peers
2. B. Results of external attacks and related compensating controls
3. C. Gaps between current and desired states of the control environment
4. D. Review of leading IT risk management practices within the industry

Correct Answer: C

- (Exam Topic 1)
A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

1. A. The network security policy
2. B. Potential business impact
3. C. The WiFi access point configuration
4. D. Planned remediation actions

Correct Answer: B

- (Exam Topic 1)
IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would
be MOST helpful?

1. A. IT risk register
2. B. List of key risk indicators
3. C. Internal audit reports
4. D. List of approved projects

Correct Answer: A