- (Exam Topic 2)
To minimize risk in a software development project, when is the BEST time to conduct a risk analysis?

1. A. During the business requirement definitions phase
2. B. Before periodic steering committee meetings
3. C. At each stage of the development life cycle
4. D. During the business case development

Correct Answer: A

- (Exam Topic 2)
An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:

1. A. mitigation.
2. B. avoidance.
3. C. transfer.
4. D. acceptance.

Correct Answer: A

- (Exam Topic 3)
Which type of indicators should be developed to measure the effectiveness of an organization's firewall rule set?

1. A. Key risk indicators (KRIs)
2. B. Key management indicators (KMIs)
3. C. Key performance indicators (KPIs)
4. D. Key control indicators (KCIs)

Correct Answer: D

- (Exam Topic 2)
Which of The following is the MOST relevant information to include in a risk management strategy?

1. A. Quantified risk triggers
2. B. Cost of controls
3. C. Regulatory requirements
4. D. Organizational goals

Correct Answer: D

- (Exam Topic 3)
A financial institution has identified high risk of fraud in several business applications. Which of the following controls will BEST help reduce the risk of fraudulent internal transactions?

1. A. Periodic user privileges review
2. B. Log monitoring
3. C. Periodic internal audits
4. D. Segregation of duties

Correct Answer: B