- (Exam Topic 1)
An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

1. A. Invoke the disaster recovery plan during an incident.
2. B. Prepare a cost-benefit analysis of alternatives available
3. C. Implement redundant infrastructure for the application.
4. D. Reduce the recovery time by strengthening the response team.

Correct Answer: B

- (Exam Topic 4)
Which of the following is MOST important to ensure when reviewing an organization's risk register?

1. A. Risk ownership is recorded.
2. B. Vulnerabilities have separate entries.
3. C. Control ownership is recorded.
4. D. Residual risk is less than inherent risk.

Correct Answer: A

- (Exam Topic 1)
Who should be accountable for ensuring effective cybersecurity controls are established?

1. A. Risk owner
2. B. Security management function
3. C. IT management
4. D. Enterprise risk function

Correct Answer: B

- (Exam Topic 3)
Which of the following is the FIRST step in risk assessment?

1. A. Review risk governance
2. B. Asset identification
3. C. Identify risk factors
4. D. Inherent risk identification

Correct Answer: B

- (Exam Topic 3)
An organization is implementing internet of Things (loT) technology to control temperature and lighting in its headquarters. Which of the following should be of GREATEST concern?

1. A. Insufficient network isolation
2. B. impact on network performance
3. C. insecure data transmission protocols
4. D. Lack of interoperability between sensors

Correct Answer: D