{"id":105142,"date":"2025-07-01T07:25:29","date_gmt":"2025-07-01T07:25:29","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=105142"},"modified":"2025-07-01T07:25:29","modified_gmt":"2025-07-01T07:25:29","slug":"achieve-crisc-certification-by-studying-the-most-updated-crisc-dumps-v13-02-choose-dumpsbase-for-crisc-exam-preparation","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/achieve-crisc-certification-by-studying-the-most-updated-crisc-dumps-v13-02-choose-dumpsbase-for-crisc-exam-preparation.html","title":{"rendered":"Achieve CRISC Certification By Studying the Most Updated CRISC Dumps (V13.02): Choose DumpsBase for CRISC Exam Preparation"},"content":{"rendered":"<p>Now, you can achieve the Certified in Risk and Information Systems Control (CRISC) certification by studying the most updated CRISC dumps (V13.02). DumpsBase ensures that you can prepare well with the most current CRISC exam questions. DumpsBase CRISC dumps (V13.02) provide a valuable tool for effective preparation, offering comprehensive coverage, realistic practice, and the flexibility to study at your own pace. By incorporating these dumps into your study regimen and following the strategies outlined above, you can significantly increase your chances of passing the CRISC exam on your first attempt. Invest in your future today by choosing DumpsBase CRISC dumps and take a confident step toward achieving your professional goals in the field of IT risk management.<\/p>\n<h2>You can check the <em><span style=\"background-color: #00ff00;\">CRISC free dumps below<\/span><\/em> to verify the most updated version (V13.02):<\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam9470\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-9470\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-9470\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-379088'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>The PRIMARY reason for a risk practitioner to review business processes is to:<\/div><input type='hidden' name='question_id[]' id='qID_1' value='379088' \/><input type='hidden' id='answerType379088' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379088[]' id='answer-id-1475412' class='answer   answerof-379088 ' value='1475412'   \/><label for='answer-id-1475412' id='answer-label-1475412' class=' answer'><span>Benchmark against peer organizations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379088[]' id='answer-id-1475413' class='answer   answerof-379088 ' value='1475413'   \/><label for='answer-id-1475413' id='answer-label-1475413' class=' answer'><span>Identify appropriate controls within business processes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379088[]' id='answer-id-1475414' class='answer   answerof-379088 ' value='1475414'   \/><label for='answer-id-1475414' id='answer-label-1475414' class=' answer'><span>Assess compliance with global standards.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379088[]' id='answer-id-1475415' class='answer   answerof-379088 ' value='1475415'   \/><label for='answer-id-1475415' id='answer-label-1475415' class=' answer'><span>Identify risk owners related to business processes.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-379089'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>A risk practitioner is MOST likely to use a SWOT analysis to assist with which risk process?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='379089' \/><input type='hidden' id='answerType379089' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379089[]' id='answer-id-1475416' class='answer   answerof-379089 ' value='1475416'   \/><label for='answer-id-1475416' id='answer-label-1475416' class=' answer'><span>Risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379089[]' id='answer-id-1475417' class='answer   answerof-379089 ' value='1475417'   \/><label for='answer-id-1475417' id='answer-label-1475417' class=' answer'><span>Risk reporting<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379089[]' id='answer-id-1475418' class='answer   answerof-379089 ' value='1475418'   \/><label for='answer-id-1475418' id='answer-label-1475418' class=' answer'><span>Risk mitigation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379089[]' id='answer-id-1475419' class='answer   answerof-379089 ' value='1475419'   \/><label for='answer-id-1475419' id='answer-label-1475419' class=' answer'><span>Risk identification<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-379090'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>During which phase of the system development life cycle (SDLC) should information security requirements for the implementation of a new IT system be defined?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='379090' \/><input type='hidden' id='answerType379090' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379090[]' id='answer-id-1475420' class='answer   answerof-379090 ' value='1475420'   \/><label for='answer-id-1475420' id='answer-label-1475420' class=' answer'><span>Monitoring<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379090[]' id='answer-id-1475421' class='answer   answerof-379090 ' value='1475421'   \/><label for='answer-id-1475421' id='answer-label-1475421' class=' answer'><span>Development<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379090[]' id='answer-id-1475422' class='answer   answerof-379090 ' value='1475422'   \/><label for='answer-id-1475422' id='answer-label-1475422' class=' answer'><span>Implementation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379090[]' id='answer-id-1475423' class='answer   answerof-379090 ' value='1475423'   \/><label for='answer-id-1475423' id='answer-label-1475423' class=' answer'><span>Initiation<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-379091'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Real-time monitoring of security cameras implemented within a retail store is an example of which type of control?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='379091' \/><input type='hidden' id='answerType379091' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379091[]' id='answer-id-1475424' class='answer   answerof-379091 ' value='1475424'   \/><label for='answer-id-1475424' id='answer-label-1475424' class=' answer'><span>Preventive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379091[]' id='answer-id-1475425' class='answer   answerof-379091 ' value='1475425'   \/><label for='answer-id-1475425' id='answer-label-1475425' class=' answer'><span>Deterrent<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379091[]' id='answer-id-1475426' class='answer   answerof-379091 ' value='1475426'   \/><label for='answer-id-1475426' id='answer-label-1475426' class=' answer'><span>Compensating<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379091[]' id='answer-id-1475427' class='answer   answerof-379091 ' value='1475427'   \/><label for='answer-id-1475427' id='answer-label-1475427' class=' answer'><span>Detective<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-379092'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>Which of the following is the MOST important consideration for prioritizing risk treatment plans when faced with budget limitations?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='379092' \/><input type='hidden' id='answerType379092' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379092[]' id='answer-id-1475428' class='answer   answerof-379092 ' value='1475428'   \/><label for='answer-id-1475428' id='answer-label-1475428' class=' answer'><span>Inherent risk and likelihood<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379092[]' id='answer-id-1475429' class='answer   answerof-379092 ' value='1475429'   \/><label for='answer-id-1475429' id='answer-label-1475429' class=' answer'><span>Management action plans associated with audit findings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379092[]' id='answer-id-1475430' class='answer   answerof-379092 ' value='1475430'   \/><label for='answer-id-1475430' id='answer-label-1475430' class=' answer'><span>Residual risk relative to appetite and tolerance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379092[]' id='answer-id-1475431' class='answer   answerof-379092 ' value='1475431'   \/><label for='answer-id-1475431' id='answer-label-1475431' class=' answer'><span>Key risk indicator (KRI) trends<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-379093'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Which of the following is MOST important to identify when developing generic risk scenarios?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='379093' \/><input type='hidden' id='answerType379093' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379093[]' id='answer-id-1475432' class='answer   answerof-379093 ' value='1475432'   \/><label for='answer-id-1475432' id='answer-label-1475432' class=' answer'><span>The organization\u2019s vision and mission<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379093[]' id='answer-id-1475433' class='answer   answerof-379093 ' value='1475433'   \/><label for='answer-id-1475433' id='answer-label-1475433' class=' answer'><span>Resources required for risk mitigation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379093[]' id='answer-id-1475434' class='answer   answerof-379093 ' value='1475434'   \/><label for='answer-id-1475434' id='answer-label-1475434' class=' answer'><span>Impact to business objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379093[]' id='answer-id-1475435' class='answer   answerof-379093 ' value='1475435'   \/><label for='answer-id-1475435' id='answer-label-1475435' class=' answer'><span>Risk-related trends within the industry<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-379094'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>When an organization's business continuity plan (BCP) states that it cannot afford to lose more than three hours of a critical application's data, the three hours is considered the application\u2019s:<\/div><input type='hidden' name='question_id[]' id='qID_7' value='379094' \/><input type='hidden' id='answerType379094' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379094[]' id='answer-id-1475436' class='answer   answerof-379094 ' value='1475436'   \/><label for='answer-id-1475436' id='answer-label-1475436' class=' answer'><span>Maximum tolerable outage (MTO).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379094[]' id='answer-id-1475437' class='answer   answerof-379094 ' value='1475437'   \/><label for='answer-id-1475437' id='answer-label-1475437' class=' answer'><span>Recovery point objective (RPO).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379094[]' id='answer-id-1475438' class='answer   answerof-379094 ' value='1475438'   \/><label for='answer-id-1475438' id='answer-label-1475438' class=' answer'><span>Mean time to restore (MTTR).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379094[]' id='answer-id-1475439' class='answer   answerof-379094 ' value='1475439'   \/><label for='answer-id-1475439' id='answer-label-1475439' class=' answer'><span>Recovery time objective (RTO).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-379095'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>Which of the following is MOST important for effective communication of a risk profile to relevant stakeholders?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='379095' \/><input type='hidden' id='answerType379095' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379095[]' id='answer-id-1475440' class='answer   answerof-379095 ' value='1475440'   \/><label for='answer-id-1475440' id='answer-label-1475440' class=' answer'><span>Emphasizing risk in the risk profile that is related to critical business activities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379095[]' id='answer-id-1475441' class='answer   answerof-379095 ' value='1475441'   \/><label for='answer-id-1475441' id='answer-label-1475441' class=' answer'><span>Customizing the presentation of the risk profile to the intended audience<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379095[]' id='answer-id-1475442' class='answer   answerof-379095 ' value='1475442'   \/><label for='answer-id-1475442' id='answer-label-1475442' class=' answer'><span>Including details of risk with high deviation from the risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379095[]' id='answer-id-1475443' class='answer   answerof-379095 ' value='1475443'   \/><label for='answer-id-1475443' id='answer-label-1475443' class=' answer'><span>Providing information on the efficiency of controls for risk mitigation<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-379096'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Which of the following situations reflects residual risk?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='379096' \/><input type='hidden' id='answerType379096' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379096[]' id='answer-id-1475444' class='answer   answerof-379096 ' value='1475444'   \/><label for='answer-id-1475444' id='answer-label-1475444' class=' answer'><span>Risk that is present before risk acceptance has been finalized<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379096[]' id='answer-id-1475445' class='answer   answerof-379096 ' value='1475445'   \/><label for='answer-id-1475445' id='answer-label-1475445' class=' answer'><span>Risk that is removed after a risk acceptance has been finalized<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379096[]' id='answer-id-1475446' class='answer   answerof-379096 ' value='1475446'   \/><label for='answer-id-1475446' id='answer-label-1475446' class=' answer'><span>Risk that is present before mitigation controls have been applied<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379096[]' id='answer-id-1475447' class='answer   answerof-379096 ' value='1475447'   \/><label for='answer-id-1475447' id='answer-label-1475447' class=' answer'><span>Risk that remains after mitigation controls have been applied<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-379097'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>What is the BEST approach for determining the inherent risk of a scenario when the actual likelihood of the risk is unknown?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='379097' \/><input type='hidden' id='answerType379097' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379097[]' id='answer-id-1475448' class='answer   answerof-379097 ' value='1475448'   \/><label for='answer-id-1475448' id='answer-label-1475448' class=' answer'><span>Use the severity rating to calculate risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379097[]' id='answer-id-1475449' class='answer   answerof-379097 ' value='1475449'   \/><label for='answer-id-1475449' id='answer-label-1475449' class=' answer'><span>Classify the risk scenario as low-probability.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379097[]' id='answer-id-1475450' class='answer   answerof-379097 ' value='1475450'   \/><label for='answer-id-1475450' id='answer-label-1475450' class=' answer'><span>Use the highest likelihood identified by risk management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379097[]' id='answer-id-1475451' class='answer   answerof-379097 ' value='1475451'   \/><label for='answer-id-1475451' id='answer-label-1475451' class=' answer'><span>Rely on range-based estimates provided by subject-matter experts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-379098'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>An organization's senior management is considering whether to acquire cyber insurance. <br \/>\r<br>Which of the following is the BEST way for the risk practitioner to enable management\u2019s decision?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='379098' \/><input type='hidden' id='answerType379098' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379098[]' id='answer-id-1475452' class='answer   answerof-379098 ' value='1475452'   \/><label for='answer-id-1475452' id='answer-label-1475452' class=' answer'><span>Perform a cost-benefit analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379098[]' id='answer-id-1475453' class='answer   answerof-379098 ' value='1475453'   \/><label for='answer-id-1475453' id='answer-label-1475453' class=' answer'><span>Conduct a SWOT analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379098[]' id='answer-id-1475454' class='answer   answerof-379098 ' value='1475454'   \/><label for='answer-id-1475454' id='answer-label-1475454' class=' answer'><span>Provide data on the number of risk events from the last year.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379098[]' id='answer-id-1475455' class='answer   answerof-379098 ' value='1475455'   \/><label for='answer-id-1475455' id='answer-label-1475455' class=' answer'><span>Report on recent losses experienced by industry peers.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-379099'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>After several security incidents resulting in significant financial losses, IT management has decided to outsource the security function to a third party that provides 24\/7 security operation services. <br \/>\r<br>Which risk response option has management implemented?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='379099' \/><input type='hidden' id='answerType379099' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379099[]' id='answer-id-1475456' class='answer   answerof-379099 ' value='1475456'   \/><label for='answer-id-1475456' id='answer-label-1475456' class=' answer'><span>Risk mitigation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379099[]' id='answer-id-1475457' class='answer   answerof-379099 ' value='1475457'   \/><label for='answer-id-1475457' id='answer-label-1475457' class=' answer'><span>Risk avoidance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379099[]' id='answer-id-1475458' class='answer   answerof-379099 ' value='1475458'   \/><label for='answer-id-1475458' id='answer-label-1475458' class=' answer'><span>Risk acceptance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379099[]' id='answer-id-1475459' class='answer   answerof-379099 ' value='1475459'   \/><label for='answer-id-1475459' id='answer-label-1475459' class=' answer'><span>Risk transfer<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-379100'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Which of the following is the MOST important benefit of implementing a data classification program?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='379100' \/><input type='hidden' id='answerType379100' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379100[]' id='answer-id-1475460' class='answer   answerof-379100 ' value='1475460'   \/><label for='answer-id-1475460' id='answer-label-1475460' class=' answer'><span>Reduction in data complexity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379100[]' id='answer-id-1475461' class='answer   answerof-379100 ' value='1475461'   \/><label for='answer-id-1475461' id='answer-label-1475461' class=' answer'><span>Reduction in processing times<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379100[]' id='answer-id-1475462' class='answer   answerof-379100 ' value='1475462'   \/><label for='answer-id-1475462' id='answer-label-1475462' class=' answer'><span>Identification of appropriate ownership<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379100[]' id='answer-id-1475463' class='answer   answerof-379100 ' value='1475463'   \/><label for='answer-id-1475463' id='answer-label-1475463' class=' answer'><span>Identification of appropriate controls<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-379101'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>Which of the following is the MOST effective way to help ensure future risk levels do not exceed the organization's risk appetite?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='379101' \/><input type='hidden' id='answerType379101' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379101[]' id='answer-id-1475464' class='answer   answerof-379101 ' value='1475464'   \/><label for='answer-id-1475464' id='answer-label-1475464' class=' answer'><span>Developing contingency plans for key processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379101[]' id='answer-id-1475465' class='answer   answerof-379101 ' value='1475465'   \/><label for='answer-id-1475465' id='answer-label-1475465' class=' answer'><span>Implementing key performance indicators (KPIs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379101[]' id='answer-id-1475466' class='answer   answerof-379101 ' value='1475466'   \/><label for='answer-id-1475466' id='answer-label-1475466' class=' answer'><span>Adding risk triggers to entries in the risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379101[]' id='answer-id-1475467' class='answer   answerof-379101 ' value='1475467'   \/><label for='answer-id-1475467' id='answer-label-1475467' class=' answer'><span>Establishing a series of key risk indicators (KRIs)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-379102'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>Which of the following controls would BEST reduce the risk of account compromise?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='379102' \/><input type='hidden' id='answerType379102' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379102[]' id='answer-id-1475468' class='answer   answerof-379102 ' value='1475468'   \/><label for='answer-id-1475468' id='answer-label-1475468' class=' answer'><span>Enforce password changes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379102[]' id='answer-id-1475469' class='answer   answerof-379102 ' value='1475469'   \/><label for='answer-id-1475469' id='answer-label-1475469' class=' answer'><span>Enforce multi-factor authentication (MFA).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379102[]' id='answer-id-1475470' class='answer   answerof-379102 ' value='1475470'   \/><label for='answer-id-1475470' id='answer-label-1475470' class=' answer'><span>Enforce role-based authentication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379102[]' id='answer-id-1475471' class='answer   answerof-379102 ' value='1475471'   \/><label for='answer-id-1475471' id='answer-label-1475471' class=' answer'><span>Enforce password encryption.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-379103'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>Which of the following should be a risk practitioner's NEXT step upon learning the impact of an organization's noncompliance with a specific legal regulation?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='379103' \/><input type='hidden' id='answerType379103' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379103[]' id='answer-id-1475472' class='answer   answerof-379103 ' value='1475472'   \/><label for='answer-id-1475472' id='answer-label-1475472' class=' answer'><span>Identify risk response options.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379103[]' id='answer-id-1475473' class='answer   answerof-379103 ' value='1475473'   \/><label for='answer-id-1475473' id='answer-label-1475473' class=' answer'><span>Implement compensating controls.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379103[]' id='answer-id-1475474' class='answer   answerof-379103 ' value='1475474'   \/><label for='answer-id-1475474' id='answer-label-1475474' class=' answer'><span>Invoke the incident response plan.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379103[]' id='answer-id-1475475' class='answer   answerof-379103 ' value='1475475'   \/><label for='answer-id-1475475' id='answer-label-1475475' class=' answer'><span>Document the penalties for noncompliance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-379104'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Which of the following is a specific concern related to machine learning algorithms?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='379104' \/><input type='hidden' id='answerType379104' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379104[]' id='answer-id-1475476' class='answer   answerof-379104 ' value='1475476'   \/><label for='answer-id-1475476' id='answer-label-1475476' class=' answer'><span>Low software quality<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379104[]' id='answer-id-1475477' class='answer   answerof-379104 ' value='1475477'   \/><label for='answer-id-1475477' id='answer-label-1475477' class=' answer'><span>Lack of access controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379104[]' id='answer-id-1475478' class='answer   answerof-379104 ' value='1475478'   \/><label for='answer-id-1475478' id='answer-label-1475478' class=' answer'><span>Data breaches<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379104[]' id='answer-id-1475479' class='answer   answerof-379104 ' value='1475479'   \/><label for='answer-id-1475479' id='answer-label-1475479' class=' answer'><span>Data bias<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-379105'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which of the following BEST enables effective risk-based decision making?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='379105' \/><input type='hidden' id='answerType379105' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379105[]' id='answer-id-1475480' class='answer   answerof-379105 ' value='1475480'   \/><label for='answer-id-1475480' id='answer-label-1475480' class=' answer'><span>Performing threat modeling to understand the threat landscape<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379105[]' id='answer-id-1475481' class='answer   answerof-379105 ' value='1475481'   \/><label for='answer-id-1475481' id='answer-label-1475481' class=' answer'><span>Minimizing the number of risk scenarios for risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379105[]' id='answer-id-1475482' class='answer   answerof-379105 ' value='1475482'   \/><label for='answer-id-1475482' id='answer-label-1475482' class=' answer'><span>Aggregating risk scenarios across a key business unit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379105[]' id='answer-id-1475483' class='answer   answerof-379105 ' value='1475483'   \/><label for='answer-id-1475483' id='answer-label-1475483' class=' answer'><span>Ensuring the risk register is updated to reflect changes in risk factors<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-379106'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>When a high number of approved exceptions are observed during a review of a control procedure, an organization should FIRST initiate a review of the:<\/div><input type='hidden' name='question_id[]' id='qID_19' value='379106' \/><input type='hidden' id='answerType379106' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379106[]' id='answer-id-1475484' class='answer   answerof-379106 ' value='1475484'   \/><label for='answer-id-1475484' id='answer-label-1475484' class=' answer'><span>Relevant policies.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379106[]' id='answer-id-1475485' class='answer   answerof-379106 ' value='1475485'   \/><label for='answer-id-1475485' id='answer-label-1475485' class=' answer'><span>Threat landscape.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379106[]' id='answer-id-1475486' class='answer   answerof-379106 ' value='1475486'   \/><label for='answer-id-1475486' id='answer-label-1475486' class=' answer'><span>Awareness program.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379106[]' id='answer-id-1475487' class='answer   answerof-379106 ' value='1475487'   \/><label for='answer-id-1475487' id='answer-label-1475487' class=' answer'><span>Risk heat map.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-379107'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>Which of the following is MOST helpful when determining whether a system security control is effective?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='379107' \/><input type='hidden' id='answerType379107' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379107[]' id='answer-id-1475488' class='answer   answerof-379107 ' value='1475488'   \/><label for='answer-id-1475488' id='answer-label-1475488' class=' answer'><span>Control standard operating procedures<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379107[]' id='answer-id-1475489' class='answer   answerof-379107 ' value='1475489'   \/><label for='answer-id-1475489' id='answer-label-1475489' class=' answer'><span>Latest security assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379107[]' id='answer-id-1475490' class='answer   answerof-379107 ' value='1475490'   \/><label for='answer-id-1475490' id='answer-label-1475490' class=' answer'><span>Current security threat report<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379107[]' id='answer-id-1475491' class='answer   answerof-379107 ' value='1475491'   \/><label for='answer-id-1475491' id='answer-label-1475491' class=' answer'><span>Updated risk register<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-379108'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>Which of the following attributes of a key risk indicator (KRI) is MOST important?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='379108' \/><input type='hidden' id='answerType379108' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379108[]' id='answer-id-1475492' class='answer   answerof-379108 ' value='1475492'   \/><label for='answer-id-1475492' id='answer-label-1475492' class=' answer'><span>Repeatable<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379108[]' id='answer-id-1475493' class='answer   answerof-379108 ' value='1475493'   \/><label for='answer-id-1475493' id='answer-label-1475493' class=' answer'><span>Automated<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379108[]' id='answer-id-1475494' class='answer   answerof-379108 ' value='1475494'   \/><label for='answer-id-1475494' id='answer-label-1475494' class=' answer'><span>Quantitative<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379108[]' id='answer-id-1475495' class='answer   answerof-379108 ' value='1475495'   \/><label for='answer-id-1475495' id='answer-label-1475495' class=' answer'><span>Qualitative<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-379109'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='379109' \/><input type='hidden' id='answerType379109' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379109[]' id='answer-id-1475496' class='answer   answerof-379109 ' value='1475496'   \/><label for='answer-id-1475496' id='answer-label-1475496' class=' answer'><span>Business continuity manager (BCM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379109[]' id='answer-id-1475497' class='answer   answerof-379109 ' value='1475497'   \/><label for='answer-id-1475497' id='answer-label-1475497' class=' answer'><span>Human resources manager (HRM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379109[]' id='answer-id-1475498' class='answer   answerof-379109 ' value='1475498'   \/><label for='answer-id-1475498' id='answer-label-1475498' class=' answer'><span>Chief risk officer (CRO)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379109[]' id='answer-id-1475499' class='answer   answerof-379109 ' value='1475499'   \/><label for='answer-id-1475499' id='answer-label-1475499' class=' answer'><span>Chief information officer (CIO)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-379110'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. <br \/>\r<br>The BEST way to support risk-based decisions by senior management would be to:<\/div><input type='hidden' name='question_id[]' id='qID_23' value='379110' \/><input type='hidden' id='answerType379110' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379110[]' id='answer-id-1475500' class='answer   answerof-379110 ' value='1475500'   \/><label for='answer-id-1475500' id='answer-label-1475500' class=' answer'><span>map findings to objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379110[]' id='answer-id-1475501' class='answer   answerof-379110 ' value='1475501'   \/><label for='answer-id-1475501' id='answer-label-1475501' class=' answer'><span>provide quantified detailed analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379110[]' id='answer-id-1475502' class='answer   answerof-379110 ' value='1475502'   \/><label for='answer-id-1475502' id='answer-label-1475502' class=' answer'><span>recommend risk tolerance thresholds.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379110[]' id='answer-id-1475503' class='answer   answerof-379110 ' value='1475503'   \/><label for='answer-id-1475503' id='answer-label-1475503' class=' answer'><span>quantify key risk indicators (KRls).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-379111'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>A rule-based data loss prevention {DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. <br \/>\r<br>Which of the following is MOST likely to change as a result of this implementation?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='379111' \/><input type='hidden' id='answerType379111' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379111[]' id='answer-id-1475504' class='answer   answerof-379111 ' value='1475504'   \/><label for='answer-id-1475504' id='answer-label-1475504' class=' answer'><span>Risk likelihood<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379111[]' id='answer-id-1475505' class='answer   answerof-379111 ' value='1475505'   \/><label for='answer-id-1475505' id='answer-label-1475505' class=' answer'><span>Risk velocity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379111[]' id='answer-id-1475506' class='answer   answerof-379111 ' value='1475506'   \/><label for='answer-id-1475506' id='answer-label-1475506' class=' answer'><span>Risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379111[]' id='answer-id-1475507' class='answer   answerof-379111 ' value='1475507'   \/><label for='answer-id-1475507' id='answer-label-1475507' class=' answer'><span>Risk impact<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-379112'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>Which of the following is MOST critical when designing controls?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='379112' \/><input type='hidden' id='answerType379112' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379112[]' id='answer-id-1475508' class='answer   answerof-379112 ' value='1475508'   \/><label for='answer-id-1475508' id='answer-label-1475508' class=' answer'><span>Involvement of internal audit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379112[]' id='answer-id-1475509' class='answer   answerof-379112 ' value='1475509'   \/><label for='answer-id-1475509' id='answer-label-1475509' class=' answer'><span>Involvement of process owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379112[]' id='answer-id-1475510' class='answer   answerof-379112 ' value='1475510'   \/><label for='answer-id-1475510' id='answer-label-1475510' class=' answer'><span>Quantitative impact of the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379112[]' id='answer-id-1475511' class='answer   answerof-379112 ' value='1475511'   \/><label for='answer-id-1475511' id='answer-label-1475511' class=' answer'><span>Identification of key risk indicators<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-379113'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='379113' \/><input type='hidden' id='answerType379113' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379113[]' id='answer-id-1475512' class='answer   answerof-379113 ' value='1475512'   \/><label for='answer-id-1475512' id='answer-label-1475512' class=' answer'><span>Number of tickets for provisioning new accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379113[]' id='answer-id-1475513' class='answer   answerof-379113 ' value='1475513'   \/><label for='answer-id-1475513' id='answer-label-1475513' class=' answer'><span>Average time to provision user accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379113[]' id='answer-id-1475514' class='answer   answerof-379113 ' value='1475514'   \/><label for='answer-id-1475514' id='answer-label-1475514' class=' answer'><span>Password reset volume per month<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379113[]' id='answer-id-1475515' class='answer   answerof-379113 ' value='1475515'   \/><label for='answer-id-1475515' id='answer-label-1475515' class=' answer'><span>Average account lockout time<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-379114'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='379114' \/><input type='hidden' id='answerType379114' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379114[]' id='answer-id-1475516' class='answer   answerof-379114 ' value='1475516'   \/><label for='answer-id-1475516' id='answer-label-1475516' class=' answer'><span>Logs and system events<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379114[]' id='answer-id-1475517' class='answer   answerof-379114 ' value='1475517'   \/><label for='answer-id-1475517' id='answer-label-1475517' class=' answer'><span>Intrusion detection system (IDS) rules<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379114[]' id='answer-id-1475518' class='answer   answerof-379114 ' value='1475518'   \/><label for='answer-id-1475518' id='answer-label-1475518' class=' answer'><span>Vulnerability assessment reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379114[]' id='answer-id-1475519' class='answer   answerof-379114 ' value='1475519'   \/><label for='answer-id-1475519' id='answer-label-1475519' class=' answer'><span>Penetration test reports<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-379115'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>Which of the following is the MOST important requirement for monitoring key risk indicators (KRls) using log analysis?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='379115' \/><input type='hidden' id='answerType379115' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379115[]' id='answer-id-1475520' class='answer   answerof-379115 ' value='1475520'   \/><label for='answer-id-1475520' id='answer-label-1475520' class=' answer'><span>Obtaining logs m an easily readable format<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379115[]' id='answer-id-1475521' class='answer   answerof-379115 ' value='1475521'   \/><label for='answer-id-1475521' id='answer-label-1475521' class=' answer'><span>Providing accurate logs m a timely manner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379115[]' id='answer-id-1475522' class='answer   answerof-379115 ' value='1475522'   \/><label for='answer-id-1475522' id='answer-label-1475522' class=' answer'><span>Collecting logs from the entire set of IT systems<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379115[]' id='answer-id-1475523' class='answer   answerof-379115 ' value='1475523'   \/><label for='answer-id-1475523' id='answer-label-1475523' class=' answer'><span>implementing an automated log analysis tool<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-379116'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>Which of the following is the MOST important outcome of reviewing the risk management process?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='379116' \/><input type='hidden' id='answerType379116' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379116[]' id='answer-id-1475524' class='answer   answerof-379116 ' value='1475524'   \/><label for='answer-id-1475524' id='answer-label-1475524' class=' answer'><span>Assuring the risk profile supports the IT objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379116[]' id='answer-id-1475525' class='answer   answerof-379116 ' value='1475525'   \/><label for='answer-id-1475525' id='answer-label-1475525' class=' answer'><span>Improving the competencies of employees who performed the review<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379116[]' id='answer-id-1475526' class='answer   answerof-379116 ' value='1475526'   \/><label for='answer-id-1475526' id='answer-label-1475526' class=' answer'><span>Determining what changes should be made to IS policies to reduce risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379116[]' id='answer-id-1475527' class='answer   answerof-379116 ' value='1475527'   \/><label for='answer-id-1475527' id='answer-label-1475527' class=' answer'><span>Determining that procedures used in risk assessment are appropriate<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-379117'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='379117' \/><input type='hidden' id='answerType379117' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379117[]' id='answer-id-1475528' class='answer   answerof-379117 ' value='1475528'   \/><label for='answer-id-1475528' id='answer-label-1475528' class=' answer'><span>Better understanding of the risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379117[]' id='answer-id-1475529' class='answer   answerof-379117 ' value='1475529'   \/><label for='answer-id-1475529' id='answer-label-1475529' class=' answer'><span>Improving audit results<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379117[]' id='answer-id-1475530' class='answer   answerof-379117 ' value='1475530'   \/><label for='answer-id-1475530' id='answer-label-1475530' class=' answer'><span>Enabling risk-based decision making<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379117[]' id='answer-id-1475531' class='answer   answerof-379117 ' value='1475531'   \/><label for='answer-id-1475531' id='answer-label-1475531' class=' answer'><span>Increasing process control efficiencies<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-379118'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>Which of the following is the BEST method to identify unnecessary controls?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='379118' \/><input type='hidden' id='answerType379118' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379118[]' id='answer-id-1475532' class='answer   answerof-379118 ' value='1475532'   \/><label for='answer-id-1475532' id='answer-label-1475532' class=' answer'><span>Evaluating the impact of removing existing controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379118[]' id='answer-id-1475533' class='answer   answerof-379118 ' value='1475533'   \/><label for='answer-id-1475533' id='answer-label-1475533' class=' answer'><span>Evaluating existing controls against audit requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379118[]' id='answer-id-1475534' class='answer   answerof-379118 ' value='1475534'   \/><label for='answer-id-1475534' id='answer-label-1475534' class=' answer'><span>Reviewing system functionalities associated with business processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379118[]' id='answer-id-1475535' class='answer   answerof-379118 ' value='1475535'   \/><label for='answer-id-1475535' id='answer-label-1475535' class=' answer'><span>Monitoring existing key risk indicators (KRIs)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-379119'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>What is the BEST information to present to business control owners when justifying costs related to controls?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='379119' \/><input type='hidden' id='answerType379119' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379119[]' id='answer-id-1475536' class='answer   answerof-379119 ' value='1475536'   \/><label for='answer-id-1475536' id='answer-label-1475536' class=' answer'><span>Loss event frequency and magnitude<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379119[]' id='answer-id-1475537' class='answer   answerof-379119 ' value='1475537'   \/><label for='answer-id-1475537' id='answer-label-1475537' class=' answer'><span>The previous year's budget and actuals<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379119[]' id='answer-id-1475538' class='answer   answerof-379119 ' value='1475538'   \/><label for='answer-id-1475538' id='answer-label-1475538' class=' answer'><span>Industry benchmarks and standards<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379119[]' id='answer-id-1475539' class='answer   answerof-379119 ' value='1475539'   \/><label for='answer-id-1475539' id='answer-label-1475539' class=' answer'><span>Return on IT security-related investments<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-379120'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>A review of an organization s controls has determined its data loss prevention {DLP) system is currently failing to detect outgoing emails containing credit card data. <br \/>\r<br>Which of the following would be MOST impacted?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='379120' \/><input type='hidden' id='answerType379120' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379120[]' id='answer-id-1475540' class='answer   answerof-379120 ' value='1475540'   \/><label for='answer-id-1475540' id='answer-label-1475540' class=' answer'><span>Key risk indicators (KRls)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379120[]' id='answer-id-1475541' class='answer   answerof-379120 ' value='1475541'   \/><label for='answer-id-1475541' id='answer-label-1475541' class=' answer'><span>Inherent risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379120[]' id='answer-id-1475542' class='answer   answerof-379120 ' value='1475542'   \/><label for='answer-id-1475542' id='answer-label-1475542' class=' answer'><span>Residual risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379120[]' id='answer-id-1475543' class='answer   answerof-379120 ' value='1475543'   \/><label for='answer-id-1475543' id='answer-label-1475543' class=' answer'><span>Risk appetite<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-379121'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches. <br \/>\r<br>Which of the following elements of the risk register is MOST important to update to reflect this change?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='379121' \/><input type='hidden' id='answerType379121' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379121[]' id='answer-id-1475544' class='answer   answerof-379121 ' value='1475544'   \/><label for='answer-id-1475544' id='answer-label-1475544' class=' answer'><span>Risk impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379121[]' id='answer-id-1475545' class='answer   answerof-379121 ' value='1475545'   \/><label for='answer-id-1475545' id='answer-label-1475545' class=' answer'><span>Risk trend<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379121[]' id='answer-id-1475546' class='answer   answerof-379121 ' value='1475546'   \/><label for='answer-id-1475546' id='answer-label-1475546' class=' answer'><span>Risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379121[]' id='answer-id-1475547' class='answer   answerof-379121 ' value='1475547'   \/><label for='answer-id-1475547' id='answer-label-1475547' class=' answer'><span>Risk likelihood<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-379122'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>Which of the following is the MOST important benefit of key risk indicators (KRIs)'<\/div><input type='hidden' name='question_id[]' id='qID_35' value='379122' \/><input type='hidden' id='answerType379122' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379122[]' id='answer-id-1475548' class='answer   answerof-379122 ' value='1475548'   \/><label for='answer-id-1475548' id='answer-label-1475548' class=' answer'><span>Assisting in continually optimizing risk governance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379122[]' id='answer-id-1475549' class='answer   answerof-379122 ' value='1475549'   \/><label for='answer-id-1475549' id='answer-label-1475549' class=' answer'><span>Enabling the documentation and analysis of trends<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379122[]' id='answer-id-1475550' class='answer   answerof-379122 ' value='1475550'   \/><label for='answer-id-1475550' id='answer-label-1475550' class=' answer'><span>Ensuring compliance with regulatory requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379122[]' id='answer-id-1475551' class='answer   answerof-379122 ' value='1475551'   \/><label for='answer-id-1475551' id='answer-label-1475551' class=' answer'><span>Providing an early warning to take proactive actions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-379123'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>IT risk assessments can BEST be used by management:<\/div><input type='hidden' name='question_id[]' id='qID_36' value='379123' \/><input type='hidden' id='answerType379123' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379123[]' id='answer-id-1475552' class='answer   answerof-379123 ' value='1475552'   \/><label for='answer-id-1475552' id='answer-label-1475552' class=' answer'><span>for compliance with laws and regulations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379123[]' id='answer-id-1475553' class='answer   answerof-379123 ' value='1475553'   \/><label for='answer-id-1475553' id='answer-label-1475553' class=' answer'><span>as a basis for cost-benefit analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379123[]' id='answer-id-1475554' class='answer   answerof-379123 ' value='1475554'   \/><label for='answer-id-1475554' id='answer-label-1475554' class=' answer'><span>as input for decision-making<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379123[]' id='answer-id-1475555' class='answer   answerof-379123 ' value='1475555'   \/><label for='answer-id-1475555' id='answer-label-1475555' class=' answer'><span>to measure organizational success.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-379124'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. <br \/>\r<br>Who should have the authority to accept the associated risk?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='379124' \/><input type='hidden' id='answerType379124' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379124[]' id='answer-id-1475556' class='answer   answerof-379124 ' value='1475556'   \/><label for='answer-id-1475556' id='answer-label-1475556' class=' answer'><span>Business continuity director<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379124[]' id='answer-id-1475557' class='answer   answerof-379124 ' value='1475557'   \/><label for='answer-id-1475557' id='answer-label-1475557' class=' answer'><span>Disaster recovery manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379124[]' id='answer-id-1475558' class='answer   answerof-379124 ' value='1475558'   \/><label for='answer-id-1475558' id='answer-label-1475558' class=' answer'><span>Business application owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379124[]' id='answer-id-1475559' class='answer   answerof-379124 ' value='1475559'   \/><label for='answer-id-1475559' id='answer-label-1475559' class=' answer'><span>Data center manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-379125'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>Which of the following will BEST quantify the risk associated with malicious users in an organization?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='379125' \/><input type='hidden' id='answerType379125' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379125[]' id='answer-id-1475560' class='answer   answerof-379125 ' value='1475560'   \/><label for='answer-id-1475560' id='answer-label-1475560' class=' answer'><span>Business impact analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379125[]' id='answer-id-1475561' class='answer   answerof-379125 ' value='1475561'   \/><label for='answer-id-1475561' id='answer-label-1475561' class=' answer'><span>Risk analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379125[]' id='answer-id-1475562' class='answer   answerof-379125 ' value='1475562'   \/><label for='answer-id-1475562' id='answer-label-1475562' class=' answer'><span>Threat risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379125[]' id='answer-id-1475563' class='answer   answerof-379125 ' value='1475563'   \/><label for='answer-id-1475563' id='answer-label-1475563' class=' answer'><span>Vulnerability assessment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-379126'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>Which of the following is the MOST important element of a successful risk awareness training program?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='379126' \/><input type='hidden' id='answerType379126' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379126[]' id='answer-id-1475564' class='answer   answerof-379126 ' value='1475564'   \/><label for='answer-id-1475564' id='answer-label-1475564' class=' answer'><span>Customizing content for the audience<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379126[]' id='answer-id-1475565' class='answer   answerof-379126 ' value='1475565'   \/><label for='answer-id-1475565' id='answer-label-1475565' class=' answer'><span>Providing incentives to participants<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379126[]' id='answer-id-1475566' class='answer   answerof-379126 ' value='1475566'   \/><label for='answer-id-1475566' id='answer-label-1475566' class=' answer'><span>Mapping to a recognized standard<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379126[]' id='answer-id-1475567' class='answer   answerof-379126 ' value='1475567'   \/><label for='answer-id-1475567' id='answer-label-1475567' class=' answer'><span>Providing metrics for measurement<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-379127'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>Whether the results of risk analyses should be presented in quantitative or qualitative terms should be based PRIMARILY on the:<\/div><input type='hidden' name='question_id[]' id='qID_40' value='379127' \/><input type='hidden' id='answerType379127' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379127[]' id='answer-id-1475568' class='answer   answerof-379127 ' value='1475568'   \/><label for='answer-id-1475568' id='answer-label-1475568' class=' answer'><span>requirements of management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379127[]' id='answer-id-1475569' class='answer   answerof-379127 ' value='1475569'   \/><label for='answer-id-1475569' id='answer-label-1475569' class=' answer'><span>specific risk analysis framework being used.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379127[]' id='answer-id-1475570' class='answer   answerof-379127 ' value='1475570'   \/><label for='answer-id-1475570' id='answer-label-1475570' class=' answer'><span>organizational risk tolerance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379127[]' id='answer-id-1475571' class='answer   answerof-379127 ' value='1475571'   \/><label for='answer-id-1475571' id='answer-label-1475571' class=' answer'><span>results of the risk assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-379128'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. <br \/>\r<br>The risk should be owned by the:<\/div><input type='hidden' name='question_id[]' id='qID_41' value='379128' \/><input type='hidden' id='answerType379128' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379128[]' id='answer-id-1475572' class='answer   answerof-379128 ' value='1475572'   \/><label for='answer-id-1475572' id='answer-label-1475572' class=' answer'><span>chief risk officer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379128[]' id='answer-id-1475573' class='answer   answerof-379128 ' value='1475573'   \/><label for='answer-id-1475573' id='answer-label-1475573' class=' answer'><span>project manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379128[]' id='answer-id-1475574' class='answer   answerof-379128 ' value='1475574'   \/><label for='answer-id-1475574' id='answer-label-1475574' class=' answer'><span>chief information officer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379128[]' id='answer-id-1475575' class='answer   answerof-379128 ' value='1475575'   \/><label for='answer-id-1475575' id='answer-label-1475575' class=' answer'><span>business process owner.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-379129'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>Which of the following would BEST help to ensure that suspicious network activity is identified?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='379129' \/><input type='hidden' id='answerType379129' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379129[]' id='answer-id-1475576' class='answer   answerof-379129 ' value='1475576'   \/><label for='answer-id-1475576' id='answer-label-1475576' class=' answer'><span>Analyzing intrusion detection system (IDS) logs<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379129[]' id='answer-id-1475577' class='answer   answerof-379129 ' value='1475577'   \/><label for='answer-id-1475577' id='answer-label-1475577' class=' answer'><span>Analyzing server logs<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379129[]' id='answer-id-1475578' class='answer   answerof-379129 ' value='1475578'   \/><label for='answer-id-1475578' id='answer-label-1475578' class=' answer'><span>Using a third-party monitoring provider<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379129[]' id='answer-id-1475579' class='answer   answerof-379129 ' value='1475579'   \/><label for='answer-id-1475579' id='answer-label-1475579' class=' answer'><span>Coordinating events with appropriate agencies<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-379130'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>Which of the following would BEST help minimize the risk associated with social engineering threats?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='379130' \/><input type='hidden' id='answerType379130' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379130[]' id='answer-id-1475580' class='answer   answerof-379130 ' value='1475580'   \/><label for='answer-id-1475580' id='answer-label-1475580' class=' answer'><span>Enforcing employees\u2019 sanctions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379130[]' id='answer-id-1475581' class='answer   answerof-379130 ' value='1475581'   \/><label for='answer-id-1475581' id='answer-label-1475581' class=' answer'><span>Conducting phishing exercises<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379130[]' id='answer-id-1475582' class='answer   answerof-379130 ' value='1475582'   \/><label for='answer-id-1475582' id='answer-label-1475582' class=' answer'><span>Enforcing segregation of dunes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379130[]' id='answer-id-1475583' class='answer   answerof-379130 ' value='1475583'   \/><label for='answer-id-1475583' id='answer-label-1475583' class=' answer'><span>Reviewing the organization's risk appetite<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-379131'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='379131' \/><input type='hidden' id='answerType379131' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379131[]' id='answer-id-1475584' class='answer   answerof-379131 ' value='1475584'   \/><label for='answer-id-1475584' id='answer-label-1475584' class=' answer'><span>Ensuring availability of resources for log analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379131[]' id='answer-id-1475585' class='answer   answerof-379131 ' value='1475585'   \/><label for='answer-id-1475585' id='answer-label-1475585' class=' answer'><span>Implementing log analysis tools to automate controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379131[]' id='answer-id-1475586' class='answer   answerof-379131 ' value='1475586'   \/><label for='answer-id-1475586' id='answer-label-1475586' class=' answer'><span>Ensuring the control is proportional to the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379131[]' id='answer-id-1475587' class='answer   answerof-379131 ' value='1475587'   \/><label for='answer-id-1475587' id='answer-label-1475587' class=' answer'><span>Building correlations between logs collected from different sources<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-379132'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>Risk mitigation procedures should include:<\/div><input type='hidden' name='question_id[]' id='qID_45' value='379132' \/><input type='hidden' id='answerType379132' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379132[]' id='answer-id-1475588' class='answer   answerof-379132 ' value='1475588'   \/><label for='answer-id-1475588' id='answer-label-1475588' class=' answer'><span>buying an insurance policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379132[]' id='answer-id-1475589' class='answer   answerof-379132 ' value='1475589'   \/><label for='answer-id-1475589' id='answer-label-1475589' class=' answer'><span>acceptance of exposures<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379132[]' id='answer-id-1475590' class='answer   answerof-379132 ' value='1475590'   \/><label for='answer-id-1475590' id='answer-label-1475590' class=' answer'><span>deployment of counter measures.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379132[]' id='answer-id-1475591' class='answer   answerof-379132 ' value='1475591'   \/><label for='answer-id-1475591' id='answer-label-1475591' class=' answer'><span>enterprise architecture implementation.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-379133'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?<\/div><input type='hidden' name='question_id[]' id='qID_46' value='379133' \/><input type='hidden' id='answerType379133' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379133[]' id='answer-id-1475592' class='answer   answerof-379133 ' value='1475592'   \/><label for='answer-id-1475592' id='answer-label-1475592' class=' answer'><span>A control self-assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379133[]' id='answer-id-1475593' class='answer   answerof-379133 ' value='1475593'   \/><label for='answer-id-1475593' id='answer-label-1475593' class=' answer'><span>A third-party security assessment report<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379133[]' id='answer-id-1475594' class='answer   answerof-379133 ' value='1475594'   \/><label for='answer-id-1475594' id='answer-label-1475594' class=' answer'><span>Internal audit reports from the vendor<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379133[]' id='answer-id-1475595' class='answer   answerof-379133 ' value='1475595'   \/><label for='answer-id-1475595' id='answer-label-1475595' class=' answer'><span>Service level agreement monitoring<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-379134'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>Improvements in the design and implementation of a control will MOST likely result in an update to:<\/div><input type='hidden' name='question_id[]' id='qID_47' value='379134' \/><input type='hidden' id='answerType379134' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379134[]' id='answer-id-1475596' class='answer   answerof-379134 ' value='1475596'   \/><label for='answer-id-1475596' id='answer-label-1475596' class=' answer'><span>inherent risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379134[]' id='answer-id-1475597' class='answer   answerof-379134 ' value='1475597'   \/><label for='answer-id-1475597' id='answer-label-1475597' class=' answer'><span>residual risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379134[]' id='answer-id-1475598' class='answer   answerof-379134 ' value='1475598'   \/><label for='answer-id-1475598' id='answer-label-1475598' class=' answer'><span>risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379134[]' id='answer-id-1475599' class='answer   answerof-379134 ' value='1475599'   \/><label for='answer-id-1475599' id='answer-label-1475599' class=' answer'><span>risk tolerance<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-379135'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>A risk practitioner has determined that a key control does not meet design expectations. <br \/>\r<br>Which of the following should be done NEXT?<\/div><input type='hidden' name='question_id[]' id='qID_48' value='379135' \/><input type='hidden' id='answerType379135' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379135[]' id='answer-id-1475600' class='answer   answerof-379135 ' value='1475600'   \/><label for='answer-id-1475600' id='answer-label-1475600' class=' answer'><span>Document the finding in the risk register.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379135[]' id='answer-id-1475601' class='answer   answerof-379135 ' value='1475601'   \/><label for='answer-id-1475601' id='answer-label-1475601' class=' answer'><span>Invoke the incident response plan.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379135[]' id='answer-id-1475602' class='answer   answerof-379135 ' value='1475602'   \/><label for='answer-id-1475602' id='answer-label-1475602' class=' answer'><span>Re-evaluate key risk indicators.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379135[]' id='answer-id-1475603' class='answer   answerof-379135 ' value='1475603'   \/><label for='answer-id-1475603' id='answer-label-1475603' class=' answer'><span>Modify the design of the control.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-379136'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?<\/div><input type='hidden' name='question_id[]' id='qID_49' value='379136' \/><input type='hidden' id='answerType379136' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379136[]' id='answer-id-1475604' class='answer   answerof-379136 ' value='1475604'   \/><label for='answer-id-1475604' id='answer-label-1475604' class=' answer'><span>Identification of controls gaps that may lead to noncompliance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379136[]' id='answer-id-1475605' class='answer   answerof-379136 ' value='1475605'   \/><label for='answer-id-1475605' id='answer-label-1475605' class=' answer'><span>Prioritization of risk action plans across departments<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379136[]' id='answer-id-1475606' class='answer   answerof-379136 ' value='1475606'   \/><label for='answer-id-1475606' id='answer-label-1475606' class=' answer'><span>Early detection of emerging threats<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379136[]' id='answer-id-1475607' class='answer   answerof-379136 ' value='1475607'   \/><label for='answer-id-1475607' id='answer-label-1475607' class=' answer'><span>Accurate measurement of loss impact<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-379137'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>Which of the following should be the risk practitioner s PRIMARY focus when determining whether controls are adequate to mitigate risk?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='379137' \/><input type='hidden' id='answerType379137' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379137[]' id='answer-id-1475608' class='answer   answerof-379137 ' value='1475608'   \/><label for='answer-id-1475608' id='answer-label-1475608' class=' answer'><span>Sensitivity analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379137[]' id='answer-id-1475609' class='answer   answerof-379137 ' value='1475609'   \/><label for='answer-id-1475609' id='answer-label-1475609' class=' answer'><span>Level of residual risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379137[]' id='answer-id-1475610' class='answer   answerof-379137 ' value='1475610'   \/><label for='answer-id-1475610' id='answer-label-1475610' class=' answer'><span>Cost-benefit analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379137[]' id='answer-id-1475611' class='answer   answerof-379137 ' value='1475611'   \/><label for='answer-id-1475611' id='answer-label-1475611' class=' answer'><span>Risk appetite<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-379138'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>Which of the following would BEST provide early warning of a high-risk condition?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='379138' \/><input type='hidden' id='answerType379138' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379138[]' id='answer-id-1475612' class='answer   answerof-379138 ' value='1475612'   \/><label for='answer-id-1475612' id='answer-label-1475612' class=' answer'><span>Risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379138[]' id='answer-id-1475613' class='answer   answerof-379138 ' value='1475613'   \/><label for='answer-id-1475613' id='answer-label-1475613' class=' answer'><span>Risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379138[]' id='answer-id-1475614' class='answer   answerof-379138 ' value='1475614'   \/><label for='answer-id-1475614' id='answer-label-1475614' class=' answer'><span>Key risk indicator (KRI)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379138[]' id='answer-id-1475615' class='answer   answerof-379138 ' value='1475615'   \/><label for='answer-id-1475615' id='answer-label-1475615' class=' answer'><span>Key performance indicator (KPI)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-379139'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>From a business perspective, which of the following is the MOST important objective of a disaster recovery test?<\/div><input type='hidden' name='question_id[]' id='qID_52' value='379139' \/><input type='hidden' id='answerType379139' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379139[]' id='answer-id-1475616' class='answer   answerof-379139 ' value='1475616'   \/><label for='answer-id-1475616' id='answer-label-1475616' class=' answer'><span>The organization gains assurance it can recover from a disaster<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379139[]' id='answer-id-1475617' class='answer   answerof-379139 ' value='1475617'   \/><label for='answer-id-1475617' id='answer-label-1475617' class=' answer'><span>Errors are discovered in the disaster recovery process.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379139[]' id='answer-id-1475618' class='answer   answerof-379139 ' value='1475618'   \/><label for='answer-id-1475618' id='answer-label-1475618' class=' answer'><span>All business-critical systems are successfully tested.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379139[]' id='answer-id-1475619' class='answer   answerof-379139 ' value='1475619'   \/><label for='answer-id-1475619' id='answer-label-1475619' class=' answer'><span>All critical data is recovered within recovery time objectives (RTOs).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-379140'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>Which of the following is MOST important to understand when determining an appropriate risk assessment approach?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='379140' \/><input type='hidden' id='answerType379140' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379140[]' id='answer-id-1475620' class='answer   answerof-379140 ' value='1475620'   \/><label for='answer-id-1475620' id='answer-label-1475620' class=' answer'><span>Complexity of the IT infrastructure<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379140[]' id='answer-id-1475621' class='answer   answerof-379140 ' value='1475621'   \/><label for='answer-id-1475621' id='answer-label-1475621' class=' answer'><span>Value of information assets<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379140[]' id='answer-id-1475622' class='answer   answerof-379140 ' value='1475622'   \/><label for='answer-id-1475622' id='answer-label-1475622' class=' answer'><span>Management culture<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379140[]' id='answer-id-1475623' class='answer   answerof-379140 ' value='1475623'   \/><label for='answer-id-1475623' id='answer-label-1475623' class=' answer'><span>Threats and vulnerabilities<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-379141'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization. <br \/>\r<br>Which of the following in the MOST important topic to cover in this training?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='379141' \/><input type='hidden' id='answerType379141' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379141[]' id='answer-id-1475624' class='answer   answerof-379141 ' value='1475624'   \/><label for='answer-id-1475624' id='answer-label-1475624' class=' answer'><span>Applying risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379141[]' id='answer-id-1475625' class='answer   answerof-379141 ' value='1475625'   \/><label for='answer-id-1475625' id='answer-label-1475625' class=' answer'><span>Applying risk factors<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379141[]' id='answer-id-1475626' class='answer   answerof-379141 ' value='1475626'   \/><label for='answer-id-1475626' id='answer-label-1475626' class=' answer'><span>Referencing risk event data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379141[]' id='answer-id-1475627' class='answer   answerof-379141 ' value='1475627'   \/><label for='answer-id-1475627' id='answer-label-1475627' class=' answer'><span>Understanding risk culture<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-379142'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. <br \/>\r<br>The overall control environment may still be effective if:<\/div><input type='hidden' name='question_id[]' id='qID_55' value='379142' \/><input type='hidden' id='answerType379142' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379142[]' id='answer-id-1475628' class='answer   answerof-379142 ' value='1475628'   \/><label for='answer-id-1475628' id='answer-label-1475628' class=' answer'><span>compensating controls are in place.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379142[]' id='answer-id-1475629' class='answer   answerof-379142 ' value='1475629'   \/><label for='answer-id-1475629' id='answer-label-1475629' class=' answer'><span>a control mitigation plan is in place.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379142[]' id='answer-id-1475630' class='answer   answerof-379142 ' value='1475630'   \/><label for='answer-id-1475630' id='answer-label-1475630' class=' answer'><span>risk management is effective.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379142[]' id='answer-id-1475631' class='answer   answerof-379142 ' value='1475631'   \/><label for='answer-id-1475631' id='answer-label-1475631' class=' answer'><span>residual risk is accepted.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-56' style=';'><div id='questionWrap-56'  class='   watupro-question-id-379143'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>56. <\/span>An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. <br \/>\r<br>Of the following, who should be notified of this new information FIRST.<\/div><input type='hidden' name='question_id[]' id='qID_56' value='379143' \/><input type='hidden' id='answerType379143' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379143[]' id='answer-id-1475632' class='answer   answerof-379143 ' value='1475632'   \/><label for='answer-id-1475632' id='answer-label-1475632' class=' answer'><span>The risk owner who also owns the business service enabled by this infrastructure<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379143[]' id='answer-id-1475633' class='answer   answerof-379143 ' value='1475633'   \/><label for='answer-id-1475633' id='answer-label-1475633' class=' answer'><span>The data center manager who is also employed under the managed hosting services contract<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379143[]' id='answer-id-1475634' class='answer   answerof-379143 ' value='1475634'   \/><label for='answer-id-1475634' id='answer-label-1475634' class=' answer'><span>The site manager who is required to provide annual risk assessments under the contract<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379143[]' id='answer-id-1475635' class='answer   answerof-379143 ' value='1475635'   \/><label for='answer-id-1475635' id='answer-label-1475635' class=' answer'><span>The chief information officer (CIO) who is responsible for the hosted services<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-57' style=';'><div id='questionWrap-57'  class='   watupro-question-id-379144'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>57. <\/span>Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?<\/div><input type='hidden' name='question_id[]' id='qID_57' value='379144' \/><input type='hidden' id='answerType379144' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379144[]' id='answer-id-1475636' class='answer   answerof-379144 ' value='1475636'   \/><label for='answer-id-1475636' id='answer-label-1475636' class=' answer'><span>Increase in the frequency of changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379144[]' id='answer-id-1475637' class='answer   answerof-379144 ' value='1475637'   \/><label for='answer-id-1475637' id='answer-label-1475637' class=' answer'><span>Percent of unauthorized changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379144[]' id='answer-id-1475638' class='answer   answerof-379144 ' value='1475638'   \/><label for='answer-id-1475638' id='answer-label-1475638' class=' answer'><span>Increase in the number of emergency changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379144[]' id='answer-id-1475639' class='answer   answerof-379144 ' value='1475639'   \/><label for='answer-id-1475639' id='answer-label-1475639' class=' answer'><span>Average time to complete changes<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-58' style=';'><div id='questionWrap-58'  class='   watupro-question-id-379145'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>58. <\/span>Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?<\/div><input type='hidden' name='question_id[]' id='qID_58' value='379145' \/><input type='hidden' id='answerType379145' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379145[]' id='answer-id-1475640' class='answer   answerof-379145 ' value='1475640'   \/><label for='answer-id-1475640' id='answer-label-1475640' class=' answer'><span>Encrypted storage of data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379145[]' id='answer-id-1475641' class='answer   answerof-379145 ' value='1475641'   \/><label for='answer-id-1475641' id='answer-label-1475641' class=' answer'><span>Links to source data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379145[]' id='answer-id-1475642' class='answer   answerof-379145 ' value='1475642'   \/><label for='answer-id-1475642' id='answer-label-1475642' class=' answer'><span>Audit trails for updates and deletions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379145[]' id='answer-id-1475643' class='answer   answerof-379145 ' value='1475643'   \/><label for='answer-id-1475643' id='answer-label-1475643' class=' answer'><span>Check totals on data records and data fields<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-59' style=';'><div id='questionWrap-59'  class='   watupro-question-id-379146'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>59. <\/span>A risk practitioner is organizing risk awareness training for senior management. <br \/>\r<br>Which of the following is the MOST important topic to cover in the training session?<\/div><input type='hidden' name='question_id[]' id='qID_59' value='379146' \/><input type='hidden' id='answerType379146' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379146[]' id='answer-id-1475644' class='answer   answerof-379146 ' value='1475644'   \/><label for='answer-id-1475644' id='answer-label-1475644' class=' answer'><span>The organization's strategic risk management projects<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379146[]' id='answer-id-1475645' class='answer   answerof-379146 ' value='1475645'   \/><label for='answer-id-1475645' id='answer-label-1475645' class=' answer'><span>Senior management roles and responsibilities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379146[]' id='answer-id-1475646' class='answer   answerof-379146 ' value='1475646'   \/><label for='answer-id-1475646' id='answer-label-1475646' class=' answer'><span>The organizations risk appetite and tolerance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379146[]' id='answer-id-1475647' class='answer   answerof-379146 ' value='1475647'   \/><label for='answer-id-1475647' id='answer-label-1475647' class=' answer'><span>Senior management allocation of risk management resources<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-60' style=';'><div id='questionWrap-60'  class='   watupro-question-id-379147'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>60. <\/span>An organization wants to assess the maturity of its internal control environment. The FIRST step should be to:<\/div><input type='hidden' name='question_id[]' id='qID_60' value='379147' \/><input type='hidden' id='answerType379147' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379147[]' id='answer-id-1475648' class='answer   answerof-379147 ' value='1475648'   \/><label for='answer-id-1475648' id='answer-label-1475648' class=' answer'><span>validate control process execution.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379147[]' id='answer-id-1475649' class='answer   answerof-379147 ' value='1475649'   \/><label for='answer-id-1475649' id='answer-label-1475649' class=' answer'><span>determine if controls are effective.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379147[]' id='answer-id-1475650' class='answer   answerof-379147 ' value='1475650'   \/><label for='answer-id-1475650' id='answer-label-1475650' class=' answer'><span>identify key process owners.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379147[]' id='answer-id-1475651' class='answer   answerof-379147 ' value='1475651'   \/><label for='answer-id-1475651' id='answer-label-1475651' class=' answer'><span>conduct a baseline assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-61' style=';'><div id='questionWrap-61'  class='   watupro-question-id-379148'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>61. <\/span>An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. <br \/>\r<br>The risk practitioner should report to management that the risk has been:<\/div><input type='hidden' name='question_id[]' id='qID_61' value='379148' \/><input type='hidden' id='answerType379148' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379148[]' id='answer-id-1475652' class='answer   answerof-379148 ' value='1475652'   \/><label for='answer-id-1475652' id='answer-label-1475652' class=' answer'><span>transferred<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379148[]' id='answer-id-1475653' class='answer   answerof-379148 ' value='1475653'   \/><label for='answer-id-1475653' id='answer-label-1475653' class=' answer'><span>mitigated.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379148[]' id='answer-id-1475654' class='answer   answerof-379148 ' value='1475654'   \/><label for='answer-id-1475654' id='answer-label-1475654' class=' answer'><span>accepted<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379148[]' id='answer-id-1475655' class='answer   answerof-379148 ' value='1475655'   \/><label for='answer-id-1475655' id='answer-label-1475655' class=' answer'><span>avoided<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-62' style=';'><div id='questionWrap-62'  class='   watupro-question-id-379149'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>62. <\/span>Which of the following will BEST mitigate the risk associated with IT and business misalignment?<\/div><input type='hidden' name='question_id[]' id='qID_62' value='379149' \/><input type='hidden' id='answerType379149' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379149[]' id='answer-id-1475656' class='answer   answerof-379149 ' value='1475656'   \/><label for='answer-id-1475656' id='answer-label-1475656' class=' answer'><span>Establishing business key performance indicators (KPIs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379149[]' id='answer-id-1475657' class='answer   answerof-379149 ' value='1475657'   \/><label for='answer-id-1475657' id='answer-label-1475657' class=' answer'><span>Introducing an established framework for IT architecture<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379149[]' id='answer-id-1475658' class='answer   answerof-379149 ' value='1475658'   \/><label for='answer-id-1475658' id='answer-label-1475658' class=' answer'><span>Establishing key risk indicators (KRIs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379149[]' id='answer-id-1475659' class='answer   answerof-379149 ' value='1475659'   \/><label for='answer-id-1475659' id='answer-label-1475659' class=' answer'><span>Involving the business process owner in IT strategy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-63' style=';'><div id='questionWrap-63'  class='   watupro-question-id-379150'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>63. <\/span>A trusted third-party service provider has determined that the risk of a client's systems being hacked is low. <br \/>\r<br>Which of the following would be the client's BEST course of action?<\/div><input type='hidden' name='question_id[]' id='qID_63' value='379150' \/><input type='hidden' id='answerType379150' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379150[]' id='answer-id-1475660' class='answer   answerof-379150 ' value='1475660'   \/><label for='answer-id-1475660' id='answer-label-1475660' class=' answer'><span>Perform their own risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379150[]' id='answer-id-1475661' class='answer   answerof-379150 ' value='1475661'   \/><label for='answer-id-1475661' id='answer-label-1475661' class=' answer'><span>Implement additional controls to address the risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379150[]' id='answer-id-1475662' class='answer   answerof-379150 ' value='1475662'   \/><label for='answer-id-1475662' id='answer-label-1475662' class=' answer'><span>Accept the risk based on the third party's risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379150[]' id='answer-id-1475663' class='answer   answerof-379150 ' value='1475663'   \/><label for='answer-id-1475663' id='answer-label-1475663' class=' answer'><span>Perform an independent audit of the third party.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-64' style=';'><div id='questionWrap-64'  class='   watupro-question-id-379151'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>64. <\/span>The MAIN purpose of conducting a control self-assessment (CSA) is to:<\/div><input type='hidden' name='question_id[]' id='qID_64' value='379151' \/><input type='hidden' id='answerType379151' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379151[]' id='answer-id-1475664' class='answer   answerof-379151 ' value='1475664'   \/><label for='answer-id-1475664' id='answer-label-1475664' class=' answer'><span>gain a better understanding of the control effectiveness in the organization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379151[]' id='answer-id-1475665' class='answer   answerof-379151 ' value='1475665'   \/><label for='answer-id-1475665' id='answer-label-1475665' class=' answer'><span>gain a better understanding of the risk in the organization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379151[]' id='answer-id-1475666' class='answer   answerof-379151 ' value='1475666'   \/><label for='answer-id-1475666' id='answer-label-1475666' class=' answer'><span>adjust the controls prior to an external audit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379151[]' id='answer-id-1475667' class='answer   answerof-379151 ' value='1475667'   \/><label for='answer-id-1475667' id='answer-label-1475667' class=' answer'><span>reduce the dependency on external audits<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-65' style=';'><div id='questionWrap-65'  class='   watupro-question-id-379152'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>65. <\/span>The acceptance of control costs that exceed risk exposure is MOST likely an example of:<\/div><input type='hidden' name='question_id[]' id='qID_65' value='379152' \/><input type='hidden' id='answerType379152' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379152[]' id='answer-id-1475668' class='answer   answerof-379152 ' value='1475668'   \/><label for='answer-id-1475668' id='answer-label-1475668' class=' answer'><span>low risk tolerance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379152[]' id='answer-id-1475669' class='answer   answerof-379152 ' value='1475669'   \/><label for='answer-id-1475669' id='answer-label-1475669' class=' answer'><span>corporate culture misalignment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379152[]' id='answer-id-1475670' class='answer   answerof-379152 ' value='1475670'   \/><label for='answer-id-1475670' id='answer-label-1475670' class=' answer'><span>corporate culture alignment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379152[]' id='answer-id-1475671' class='answer   answerof-379152 ' value='1475671'   \/><label for='answer-id-1475671' id='answer-label-1475671' class=' answer'><span>high risk tolerance<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-66' style=';'><div id='questionWrap-66'  class='   watupro-question-id-379153'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>66. <\/span>Who is the MOST appropriate owner for newly identified IT risk?<\/div><input type='hidden' name='question_id[]' id='qID_66' value='379153' \/><input type='hidden' id='answerType379153' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379153[]' id='answer-id-1475672' class='answer   answerof-379153 ' value='1475672'   \/><label for='answer-id-1475672' id='answer-label-1475672' class=' answer'><span>The manager responsible for IT operations that will support the risk mitigation efforts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379153[]' id='answer-id-1475673' class='answer   answerof-379153 ' value='1475673'   \/><label for='answer-id-1475673' id='answer-label-1475673' class=' answer'><span>The individual with authority to commit organizational resources to mitigate the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379153[]' id='answer-id-1475674' class='answer   answerof-379153 ' value='1475674'   \/><label for='answer-id-1475674' id='answer-label-1475674' class=' answer'><span>A project manager capable of prioritizing the risk remediation efforts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379153[]' id='answer-id-1475675' class='answer   answerof-379153 ' value='1475675'   \/><label for='answer-id-1475675' id='answer-label-1475675' class=' answer'><span>The individual with the most IT risk-related subject matter knowledge<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-67' style=';'><div id='questionWrap-67'  class='   watupro-question-id-379154'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>67. <\/span>Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?<\/div><input type='hidden' name='question_id[]' id='qID_67' value='379154' \/><input type='hidden' id='answerType379154' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379154[]' id='answer-id-1475676' class='answer   answerof-379154 ' value='1475676'   \/><label for='answer-id-1475676' id='answer-label-1475676' class=' answer'><span>Testing the transmission of credit card numbers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379154[]' id='answer-id-1475677' class='answer   answerof-379154 ' value='1475677'   \/><label for='answer-id-1475677' id='answer-label-1475677' class=' answer'><span>Reviewing logs for unauthorized data transfers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379154[]' id='answer-id-1475678' class='answer   answerof-379154 ' value='1475678'   \/><label for='answer-id-1475678' id='answer-label-1475678' class=' answer'><span>Configuring the DLP control to block credit card numbers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379154[]' id='answer-id-1475679' class='answer   answerof-379154 ' value='1475679'   \/><label for='answer-id-1475679' id='answer-label-1475679' class=' answer'><span>Testing the DLP rule change control process<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-68' style=';'><div id='questionWrap-68'  class='   watupro-question-id-379155'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>68. <\/span>Calculation of the recovery time objective (RTO) is necessary to determine the:<\/div><input type='hidden' name='question_id[]' id='qID_68' value='379155' \/><input type='hidden' id='answerType379155' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379155[]' id='answer-id-1475680' class='answer   answerof-379155 ' value='1475680'   \/><label for='answer-id-1475680' id='answer-label-1475680' class=' answer'><span>time required to restore files.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379155[]' id='answer-id-1475681' class='answer   answerof-379155 ' value='1475681'   \/><label for='answer-id-1475681' id='answer-label-1475681' class=' answer'><span>point of synchronization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379155[]' id='answer-id-1475682' class='answer   answerof-379155 ' value='1475682'   \/><label for='answer-id-1475682' id='answer-label-1475682' class=' answer'><span>priority of restoration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379155[]' id='answer-id-1475683' class='answer   answerof-379155 ' value='1475683'   \/><label for='answer-id-1475683' id='answer-label-1475683' class=' answer'><span>annual loss expectancy (ALE).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-69' style=';'><div id='questionWrap-69'  class='   watupro-question-id-379156'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>69. <\/span>The PRIMARY objective for selecting risk response options is to:<\/div><input type='hidden' name='question_id[]' id='qID_69' value='379156' \/><input type='hidden' id='answerType379156' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379156[]' id='answer-id-1475684' class='answer   answerof-379156 ' value='1475684'   \/><label for='answer-id-1475684' id='answer-label-1475684' class=' answer'><span>reduce risk 10 an acceptable level.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379156[]' id='answer-id-1475685' class='answer   answerof-379156 ' value='1475685'   \/><label for='answer-id-1475685' id='answer-label-1475685' class=' answer'><span>identify compensating controls.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379156[]' id='answer-id-1475686' class='answer   answerof-379156 ' value='1475686'   \/><label for='answer-id-1475686' id='answer-label-1475686' class=' answer'><span>minimize residual risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379156[]' id='answer-id-1475687' class='answer   answerof-379156 ' value='1475687'   \/><label for='answer-id-1475687' id='answer-label-1475687' class=' answer'><span>reduce risk factors.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-70' style=';'><div id='questionWrap-70'  class='   watupro-question-id-379157'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>70. <\/span>Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?<\/div><input type='hidden' name='question_id[]' id='qID_70' value='379157' \/><input type='hidden' id='answerType379157' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379157[]' id='answer-id-1475688' class='answer   answerof-379157 ' value='1475688'   \/><label for='answer-id-1475688' id='answer-label-1475688' class=' answer'><span>Completeness of system documentation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379157[]' id='answer-id-1475689' class='answer   answerof-379157 ' value='1475689'   \/><label for='answer-id-1475689' id='answer-label-1475689' class=' answer'><span>Results of end user acceptance testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379157[]' id='answer-id-1475690' class='answer   answerof-379157 ' value='1475690'   \/><label for='answer-id-1475690' id='answer-label-1475690' class=' answer'><span>Variances between planned and actual cost<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379157[]' id='answer-id-1475691' class='answer   answerof-379157 ' value='1475691'   \/><label for='answer-id-1475691' id='answer-label-1475691' class=' answer'><span>availability of in-house resources<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-71' style=';'><div id='questionWrap-71'  class='   watupro-question-id-379158'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>71. <\/span>Which of the following would BEST help an enterprise prioritize risk scenarios?<\/div><input type='hidden' name='question_id[]' id='qID_71' value='379158' \/><input type='hidden' id='answerType379158' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379158[]' id='answer-id-1475692' class='answer   answerof-379158 ' value='1475692'   \/><label for='answer-id-1475692' id='answer-label-1475692' class=' answer'><span>Industry best practices<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379158[]' id='answer-id-1475693' class='answer   answerof-379158 ' value='1475693'   \/><label for='answer-id-1475693' id='answer-label-1475693' class=' answer'><span>Placement on the risk map<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379158[]' id='answer-id-1475694' class='answer   answerof-379158 ' value='1475694'   \/><label for='answer-id-1475694' id='answer-label-1475694' class=' answer'><span>Degree of variances in the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379158[]' id='answer-id-1475695' class='answer   answerof-379158 ' value='1475695'   \/><label for='answer-id-1475695' id='answer-label-1475695' class=' answer'><span>Cost of risk mitigation<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-72' style=';'><div id='questionWrap-72'  class='   watupro-question-id-379159'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>72. <\/span>Which of the following would be a risk practitioners\u2019 BEST recommendation for preventing cyber intrusion?<\/div><input type='hidden' name='question_id[]' id='qID_72' value='379159' \/><input type='hidden' id='answerType379159' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379159[]' id='answer-id-1475696' class='answer   answerof-379159 ' value='1475696'   \/><label for='answer-id-1475696' id='answer-label-1475696' class=' answer'><span>Establish a cyber response plan<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379159[]' id='answer-id-1475697' class='answer   answerof-379159 ' value='1475697'   \/><label for='answer-id-1475697' id='answer-label-1475697' class=' answer'><span>Implement data loss prevention (DLP) tools.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379159[]' id='answer-id-1475698' class='answer   answerof-379159 ' value='1475698'   \/><label for='answer-id-1475698' id='answer-label-1475698' class=' answer'><span>Implement network segregation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379159[]' id='answer-id-1475699' class='answer   answerof-379159 ' value='1475699'   \/><label for='answer-id-1475699' id='answer-label-1475699' class=' answer'><span>Strengthen vulnerability remediation efforts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-73' style=';'><div id='questionWrap-73'  class='   watupro-question-id-379160'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>73. <\/span>The head of a business operations department asks to review the entire IT risk register. <br \/>\r<br>Which of the following would be the risk manager s BEST approach to this request before sharing the register?<\/div><input type='hidden' name='question_id[]' id='qID_73' value='379160' \/><input type='hidden' id='answerType379160' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379160[]' id='answer-id-1475700' class='answer   answerof-379160 ' value='1475700'   \/><label for='answer-id-1475700' id='answer-label-1475700' class=' answer'><span>Escalate to senior management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379160[]' id='answer-id-1475701' class='answer   answerof-379160 ' value='1475701'   \/><label for='answer-id-1475701' id='answer-label-1475701' class=' answer'><span>Require a nondisclosure agreement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379160[]' id='answer-id-1475702' class='answer   answerof-379160 ' value='1475702'   \/><label for='answer-id-1475702' id='answer-label-1475702' class=' answer'><span>Sanitize portions of the register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379160[]' id='answer-id-1475703' class='answer   answerof-379160 ' value='1475703'   \/><label for='answer-id-1475703' id='answer-label-1475703' class=' answer'><span>Determine the purpose of the request<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-74' style=';'><div id='questionWrap-74'  class='   watupro-question-id-379161'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>74. <\/span>Which of the following techniques would be used during a risk assessment to demonstrate to stakeholders that all known alternatives were evaluated?<\/div><input type='hidden' name='question_id[]' id='qID_74' value='379161' \/><input type='hidden' id='answerType379161' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379161[]' id='answer-id-1475704' class='answer   answerof-379161 ' value='1475704'   \/><label for='answer-id-1475704' id='answer-label-1475704' class=' answer'><span>Control chart<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379161[]' id='answer-id-1475705' class='answer   answerof-379161 ' value='1475705'   \/><label for='answer-id-1475705' id='answer-label-1475705' class=' answer'><span>Sensitivity analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379161[]' id='answer-id-1475706' class='answer   answerof-379161 ' value='1475706'   \/><label for='answer-id-1475706' id='answer-label-1475706' class=' answer'><span>Trend analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379161[]' id='answer-id-1475707' class='answer   answerof-379161 ' value='1475707'   \/><label for='answer-id-1475707' id='answer-label-1475707' class=' answer'><span>Decision tree<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-75' style=';'><div id='questionWrap-75'  class='   watupro-question-id-379162'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>75. <\/span>During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. <br \/>\r<br>Which of the following controls has MOST likely been compromised?<\/div><input type='hidden' name='question_id[]' id='qID_75' value='379162' \/><input type='hidden' id='answerType379162' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379162[]' id='answer-id-1475708' class='answer   answerof-379162 ' value='1475708'   \/><label for='answer-id-1475708' id='answer-label-1475708' class=' answer'><span>Data validation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379162[]' id='answer-id-1475709' class='answer   answerof-379162 ' value='1475709'   \/><label for='answer-id-1475709' id='answer-label-1475709' class=' answer'><span>Identification<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379162[]' id='answer-id-1475710' class='answer   answerof-379162 ' value='1475710'   \/><label for='answer-id-1475710' id='answer-label-1475710' class=' answer'><span>Authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379162[]' id='answer-id-1475711' class='answer   answerof-379162 ' value='1475711'   \/><label for='answer-id-1475711' id='answer-label-1475711' class=' answer'><span>Data integrity<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-76' style=';'><div id='questionWrap-76'  class='   watupro-question-id-379163'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>76. <\/span>Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?<\/div><input type='hidden' name='question_id[]' id='qID_76' value='379163' \/><input type='hidden' id='answerType379163' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379163[]' id='answer-id-1475712' class='answer   answerof-379163 ' value='1475712'   \/><label for='answer-id-1475712' id='answer-label-1475712' class=' answer'><span>It compares performance levels of IT assets to value delivered.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379163[]' id='answer-id-1475713' class='answer   answerof-379163 ' value='1475713'   \/><label for='answer-id-1475713' id='answer-label-1475713' class=' answer'><span>It facilitates the alignment of strategic IT objectives to business objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379163[]' id='answer-id-1475714' class='answer   answerof-379163 ' value='1475714'   \/><label for='answer-id-1475714' id='answer-label-1475714' class=' answer'><span>It provides input to business managers when preparing a business case for new IT projects.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379163[]' id='answer-id-1475715' class='answer   answerof-379163 ' value='1475715'   \/><label for='answer-id-1475715' id='answer-label-1475715' class=' answer'><span>It helps assess the effects of IT decisions on risk exposure<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-77' style=';'><div id='questionWrap-77'  class='   watupro-question-id-379164'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>77. <\/span>Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?<\/div><input type='hidden' name='question_id[]' id='qID_77' value='379164' \/><input type='hidden' id='answerType379164' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379164[]' id='answer-id-1475716' class='answer   answerof-379164 ' value='1475716'   \/><label for='answer-id-1475716' id='answer-label-1475716' class=' answer'><span>Risk tolerance is decreased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379164[]' id='answer-id-1475717' class='answer   answerof-379164 ' value='1475717'   \/><label for='answer-id-1475717' id='answer-label-1475717' class=' answer'><span>Residual risk is increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379164[]' id='answer-id-1475718' class='answer   answerof-379164 ' value='1475718'   \/><label for='answer-id-1475718' id='answer-label-1475718' class=' answer'><span>Inherent risk is increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379164[]' id='answer-id-1475719' class='answer   answerof-379164 ' value='1475719'   \/><label for='answer-id-1475719' id='answer-label-1475719' class=' answer'><span>Risk appetite is decreased<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-78' style=';'><div id='questionWrap-78'  class='   watupro-question-id-379165'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>78. <\/span>Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?<\/div><input type='hidden' name='question_id[]' id='qID_78' value='379165' \/><input type='hidden' id='answerType379165' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379165[]' id='answer-id-1475720' class='answer   answerof-379165 ' value='1475720'   \/><label for='answer-id-1475720' id='answer-label-1475720' class=' answer'><span>Performing a benchmark analysis and evaluating gaps<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379165[]' id='answer-id-1475721' class='answer   answerof-379165 ' value='1475721'   \/><label for='answer-id-1475721' id='answer-label-1475721' class=' answer'><span>Conducting risk assessments and implementing controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379165[]' id='answer-id-1475722' class='answer   answerof-379165 ' value='1475722'   \/><label for='answer-id-1475722' id='answer-label-1475722' class=' answer'><span>Communicating components of risk and their acceptable levels<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379165[]' id='answer-id-1475723' class='answer   answerof-379165 ' value='1475723'   \/><label for='answer-id-1475723' id='answer-label-1475723' class=' answer'><span>Participating in peer reviews and implementing best practices<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-79' style=';'><div id='questionWrap-79'  class='   watupro-question-id-379166'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>79. <\/span>Which of the following is the MAIN reason for documenting the performance of controls?<\/div><input type='hidden' name='question_id[]' id='qID_79' value='379166' \/><input type='hidden' id='answerType379166' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379166[]' id='answer-id-1475724' class='answer   answerof-379166 ' value='1475724'   \/><label for='answer-id-1475724' id='answer-label-1475724' class=' answer'><span>Obtaining management sign-off<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379166[]' id='answer-id-1475725' class='answer   answerof-379166 ' value='1475725'   \/><label for='answer-id-1475725' id='answer-label-1475725' class=' answer'><span>Demonstrating effective risk mitigation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379166[]' id='answer-id-1475726' class='answer   answerof-379166 ' value='1475726'   \/><label for='answer-id-1475726' id='answer-label-1475726' class=' answer'><span>Justifying return on investment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379166[]' id='answer-id-1475727' class='answer   answerof-379166 ' value='1475727'   \/><label for='answer-id-1475727' id='answer-label-1475727' class=' answer'><span>Providing accurate risk reporting<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-80' style=';'><div id='questionWrap-80'  class='   watupro-question-id-379167'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>80. <\/span>When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?<\/div><input type='hidden' name='question_id[]' id='qID_80' value='379167' \/><input type='hidden' id='answerType379167' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379167[]' id='answer-id-1475728' class='answer   answerof-379167 ' value='1475728'   \/><label for='answer-id-1475728' id='answer-label-1475728' class=' answer'><span>Perform a background check on the vendor.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379167[]' id='answer-id-1475729' class='answer   answerof-379167 ' value='1475729'   \/><label for='answer-id-1475729' id='answer-label-1475729' class=' answer'><span>Require the vendor to sign a nondisclosure agreement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379167[]' id='answer-id-1475730' class='answer   answerof-379167 ' value='1475730'   \/><label for='answer-id-1475730' id='answer-label-1475730' class=' answer'><span>Require the vendor to have liability insurance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379167[]' id='answer-id-1475731' class='answer   answerof-379167 ' value='1475731'   \/><label for='answer-id-1475731' id='answer-label-1475731' class=' answer'><span>Clearly define the project scope<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-81' style=';'><div id='questionWrap-81'  class='   watupro-question-id-379168'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>81. <\/span>Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?<\/div><input type='hidden' name='question_id[]' id='qID_81' value='379168' \/><input type='hidden' id='answerType379168' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379168[]' id='answer-id-1475732' class='answer   answerof-379168 ' value='1475732'   \/><label for='answer-id-1475732' id='answer-label-1475732' class=' answer'><span>Number of users that participated in the DRP testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379168[]' id='answer-id-1475733' class='answer   answerof-379168 ' value='1475733'   \/><label for='answer-id-1475733' id='answer-label-1475733' class=' answer'><span>Number of issues identified during DRP testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379168[]' id='answer-id-1475734' class='answer   answerof-379168 ' value='1475734'   \/><label for='answer-id-1475734' id='answer-label-1475734' class=' answer'><span>Percentage of applications that met the RTO during DRP testing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379168[]' id='answer-id-1475735' class='answer   answerof-379168 ' value='1475735'   \/><label for='answer-id-1475735' id='answer-label-1475735' class=' answer'><span>Percentage of issues resolved as a result of DRP testing<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-82' style=';'><div id='questionWrap-82'  class='   watupro-question-id-379169'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>82. <\/span>The risk associated with an asset before controls are applied can be expressed as:<\/div><input type='hidden' name='question_id[]' id='qID_82' value='379169' \/><input type='hidden' id='answerType379169' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379169[]' id='answer-id-1475736' class='answer   answerof-379169 ' value='1475736'   \/><label for='answer-id-1475736' id='answer-label-1475736' class=' answer'><span>a function of the likelihood and impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379169[]' id='answer-id-1475737' class='answer   answerof-379169 ' value='1475737'   \/><label for='answer-id-1475737' id='answer-label-1475737' class=' answer'><span>the magnitude of an impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379169[]' id='answer-id-1475738' class='answer   answerof-379169 ' value='1475738'   \/><label for='answer-id-1475738' id='answer-label-1475738' class=' answer'><span>a function of the cost and effectiveness of control.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379169[]' id='answer-id-1475739' class='answer   answerof-379169 ' value='1475739'   \/><label for='answer-id-1475739' id='answer-label-1475739' class=' answer'><span>the likelihood of a given threat<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-83' style=';'><div id='questionWrap-83'  class='   watupro-question-id-379170'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>83. <\/span>In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?<\/div><input type='hidden' name='question_id[]' id='qID_83' value='379170' \/><input type='hidden' id='answerType379170' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379170[]' id='answer-id-1475740' class='answer   answerof-379170 ' value='1475740'   \/><label for='answer-id-1475740' id='answer-label-1475740' class=' answer'><span>The control catalog<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379170[]' id='answer-id-1475741' class='answer   answerof-379170 ' value='1475741'   \/><label for='answer-id-1475741' id='answer-label-1475741' class=' answer'><span>The asset profile<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379170[]' id='answer-id-1475742' class='answer   answerof-379170 ' value='1475742'   \/><label for='answer-id-1475742' id='answer-label-1475742' class=' answer'><span>Business objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379170[]' id='answer-id-1475743' class='answer   answerof-379170 ' value='1475743'   \/><label for='answer-id-1475743' id='answer-label-1475743' class=' answer'><span>Key risk indicators (KRls)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-84' style=';'><div id='questionWrap-84'  class='   watupro-question-id-379171'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>84. <\/span>Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?<\/div><input type='hidden' name='question_id[]' id='qID_84' value='379171' \/><input type='hidden' id='answerType379171' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379171[]' id='answer-id-1475744' class='answer   answerof-379171 ' value='1475744'   \/><label for='answer-id-1475744' id='answer-label-1475744' class=' answer'><span>Percentage of systems included in recovery processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379171[]' id='answer-id-1475745' class='answer   answerof-379171 ' value='1475745'   \/><label for='answer-id-1475745' id='answer-label-1475745' class=' answer'><span>Number of key systems hosted<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379171[]' id='answer-id-1475746' class='answer   answerof-379171 ' value='1475746'   \/><label for='answer-id-1475746' id='answer-label-1475746' class=' answer'><span>Average response time to resolve system incidents<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379171[]' id='answer-id-1475747' class='answer   answerof-379171 ' value='1475747'   \/><label for='answer-id-1475747' id='answer-label-1475747' class=' answer'><span>Percentage of system availability<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-85' style=';'><div id='questionWrap-85'  class='   watupro-question-id-379172'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>85. <\/span>After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?<\/div><input type='hidden' name='question_id[]' id='qID_85' value='379172' \/><input type='hidden' id='answerType379172' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379172[]' id='answer-id-1475748' class='answer   answerof-379172 ' value='1475748'   \/><label for='answer-id-1475748' id='answer-label-1475748' class=' answer'><span>The risk practitioner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379172[]' id='answer-id-1475749' class='answer   answerof-379172 ' value='1475749'   \/><label for='answer-id-1475749' id='answer-label-1475749' class=' answer'><span>The business process owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379172[]' id='answer-id-1475750' class='answer   answerof-379172 ' value='1475750'   \/><label for='answer-id-1475750' id='answer-label-1475750' class=' answer'><span>The risk owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379172[]' id='answer-id-1475751' class='answer   answerof-379172 ' value='1475751'   \/><label for='answer-id-1475751' id='answer-label-1475751' class=' answer'><span>The control owner<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-86' style=';'><div id='questionWrap-86'  class='   watupro-question-id-379173'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>86. <\/span>A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. <br \/>\r<br>Which of the following is the MOST likely reason for senior management's response?<\/div><input type='hidden' name='question_id[]' id='qID_86' value='379173' \/><input type='hidden' id='answerType379173' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379173[]' id='answer-id-1475752' class='answer   answerof-379173 ' value='1475752'   \/><label for='answer-id-1475752' id='answer-label-1475752' class=' answer'><span>The underlying data source for the KRI is using inaccurate data and needs to be corrected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379173[]' id='answer-id-1475753' class='answer   answerof-379173 ' value='1475753'   \/><label for='answer-id-1475753' id='answer-label-1475753' class=' answer'><span>The KRI is not providing useful information and should be removed from the KRI inventory.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379173[]' id='answer-id-1475754' class='answer   answerof-379173 ' value='1475754'   \/><label for='answer-id-1475754' id='answer-label-1475754' class=' answer'><span>The KRI threshold needs to be revised to better align with the organization s risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379173[]' id='answer-id-1475755' class='answer   answerof-379173 ' value='1475755'   \/><label for='answer-id-1475755' id='answer-label-1475755' class=' answer'><span>Senior management does not understand the KRI and should undergo risk training.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-87' style=';'><div id='questionWrap-87'  class='   watupro-question-id-379174'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>87. <\/span>A business unit is updating a risk register with assessment results for a key project. <br \/>\r<br>Which of the following is MOST important to capture in the register?<\/div><input type='hidden' name='question_id[]' id='qID_87' value='379174' \/><input type='hidden' id='answerType379174' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379174[]' id='answer-id-1475756' class='answer   answerof-379174 ' value='1475756'   \/><label for='answer-id-1475756' id='answer-label-1475756' class=' answer'><span>The team that performed the risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379174[]' id='answer-id-1475757' class='answer   answerof-379174 ' value='1475757'   \/><label for='answer-id-1475757' id='answer-label-1475757' class=' answer'><span>An assigned risk manager to provide oversight<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379174[]' id='answer-id-1475758' class='answer   answerof-379174 ' value='1475758'   \/><label for='answer-id-1475758' id='answer-label-1475758' class=' answer'><span>Action plans to address risk scenarios requiring treatment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379174[]' id='answer-id-1475759' class='answer   answerof-379174 ' value='1475759'   \/><label for='answer-id-1475759' id='answer-label-1475759' class=' answer'><span>The methodology used to perform the risk assessment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-88' style=';'><div id='questionWrap-88'  class='   watupro-question-id-379175'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>88. <\/span>Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?<\/div><input type='hidden' name='question_id[]' id='qID_88' value='379175' \/><input type='hidden' id='answerType379175' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379175[]' id='answer-id-1475760' class='answer   answerof-379175 ' value='1475760'   \/><label for='answer-id-1475760' id='answer-label-1475760' class=' answer'><span>Align business objectives to the risk profile.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379175[]' id='answer-id-1475761' class='answer   answerof-379175 ' value='1475761'   \/><label for='answer-id-1475761' id='answer-label-1475761' class=' answer'><span>Assess risk against business objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379175[]' id='answer-id-1475762' class='answer   answerof-379175 ' value='1475762'   \/><label for='answer-id-1475762' id='answer-label-1475762' class=' answer'><span>Implement an organization-specific risk taxonomy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379175[]' id='answer-id-1475763' class='answer   answerof-379175 ' value='1475763'   \/><label for='answer-id-1475763' id='answer-label-1475763' class=' answer'><span>Explain risk details to management.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-89' style=';'><div id='questionWrap-89'  class='   watupro-question-id-379176'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>89. <\/span>Which of the following would BEST ensure that identified risk scenarios are addressed?<\/div><input type='hidden' name='question_id[]' id='qID_89' value='379176' \/><input type='hidden' id='answerType379176' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379176[]' id='answer-id-1475764' class='answer   answerof-379176 ' value='1475764'   \/><label for='answer-id-1475764' id='answer-label-1475764' class=' answer'><span>Reviewing the implementation of the risk response<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379176[]' id='answer-id-1475765' class='answer   answerof-379176 ' value='1475765'   \/><label for='answer-id-1475765' id='answer-label-1475765' class=' answer'><span>Creating a separate risk register for key business units<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379176[]' id='answer-id-1475766' class='answer   answerof-379176 ' value='1475766'   \/><label for='answer-id-1475766' id='answer-label-1475766' class=' answer'><span>Performing real-time monitoring of threats<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379176[]' id='answer-id-1475767' class='answer   answerof-379176 ' value='1475767'   \/><label for='answer-id-1475767' id='answer-label-1475767' class=' answer'><span>Performing regular risk control self-assessments<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-90' style=';'><div id='questionWrap-90'  class='   watupro-question-id-379177'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>90. <\/span>A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:<\/div><input type='hidden' name='question_id[]' id='qID_90' value='379177' \/><input type='hidden' id='answerType379177' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379177[]' id='answer-id-1475768' class='answer   answerof-379177 ' value='1475768'   \/><label for='answer-id-1475768' id='answer-label-1475768' class=' answer'><span>communication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379177[]' id='answer-id-1475769' class='answer   answerof-379177 ' value='1475769'   \/><label for='answer-id-1475769' id='answer-label-1475769' class=' answer'><span>identification.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379177[]' id='answer-id-1475770' class='answer   answerof-379177 ' value='1475770'   \/><label for='answer-id-1475770' id='answer-label-1475770' class=' answer'><span>treatment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379177[]' id='answer-id-1475771' class='answer   answerof-379177 ' value='1475771'   \/><label for='answer-id-1475771' id='answer-label-1475771' class=' answer'><span>assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-91' style=';'><div id='questionWrap-91'  class='   watupro-question-id-379178'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>91. <\/span>The PRIMARY objective of testing the effectiveness of a new control before implementation is to:<\/div><input type='hidden' name='question_id[]' id='qID_91' value='379178' \/><input type='hidden' id='answerType379178' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379178[]' id='answer-id-1475772' class='answer   answerof-379178 ' value='1475772'   \/><label for='answer-id-1475772' id='answer-label-1475772' class=' answer'><span>ensure that risk is mitigated by the control.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379178[]' id='answer-id-1475773' class='answer   answerof-379178 ' value='1475773'   \/><label for='answer-id-1475773' id='answer-label-1475773' class=' answer'><span>measure efficiency of the control process.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379178[]' id='answer-id-1475774' class='answer   answerof-379178 ' value='1475774'   \/><label for='answer-id-1475774' id='answer-label-1475774' class=' answer'><span>confirm control alignment with business objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379178[]' id='answer-id-1475775' class='answer   answerof-379178 ' value='1475775'   \/><label for='answer-id-1475775' id='answer-label-1475775' class=' answer'><span>comply with the organization's policy.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-92' style=';'><div id='questionWrap-92'  class='   watupro-question-id-379179'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>92. <\/span>Which of the following is the PRIMARY reason to perform ongoing risk assessments?<\/div><input type='hidden' name='question_id[]' id='qID_92' value='379179' \/><input type='hidden' id='answerType379179' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379179[]' id='answer-id-1475776' class='answer   answerof-379179 ' value='1475776'   \/><label for='answer-id-1475776' id='answer-label-1475776' class=' answer'><span>Emerging risk must be continuously reported to management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379179[]' id='answer-id-1475777' class='answer   answerof-379179 ' value='1475777'   \/><label for='answer-id-1475777' id='answer-label-1475777' class=' answer'><span>New system vulnerabilities emerge at frequent intervals.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379179[]' id='answer-id-1475778' class='answer   answerof-379179 ' value='1475778'   \/><label for='answer-id-1475778' id='answer-label-1475778' class=' answer'><span>The risk environment is subject to change.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379179[]' id='answer-id-1475779' class='answer   answerof-379179 ' value='1475779'   \/><label for='answer-id-1475779' id='answer-label-1475779' class=' answer'><span>The information security budget must be justified.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-93' style=';'><div id='questionWrap-93'  class='   watupro-question-id-379180'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>93. <\/span>Malware has recently affected an organization. The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:<\/div><input type='hidden' name='question_id[]' id='qID_93' value='379180' \/><input type='hidden' id='answerType379180' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379180[]' id='answer-id-1475780' class='answer   answerof-379180 ' value='1475780'   \/><label for='answer-id-1475780' id='answer-label-1475780' class=' answer'><span>a gap analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379180[]' id='answer-id-1475781' class='answer   answerof-379180 ' value='1475781'   \/><label for='answer-id-1475781' id='answer-label-1475781' class=' answer'><span>a root cause analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379180[]' id='answer-id-1475782' class='answer   answerof-379180 ' value='1475782'   \/><label for='answer-id-1475782' id='answer-label-1475782' class=' answer'><span>an impact assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379180[]' id='answer-id-1475783' class='answer   answerof-379180 ' value='1475783'   \/><label for='answer-id-1475783' id='answer-label-1475783' class=' answer'><span>a vulnerability assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-94' style=';'><div id='questionWrap-94'  class='   watupro-question-id-379181'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>94. <\/span>Which of the following is MOST effective against external threats to an organizations confidential information?<\/div><input type='hidden' name='question_id[]' id='qID_94' value='379181' \/><input type='hidden' id='answerType379181' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379181[]' id='answer-id-1475784' class='answer   answerof-379181 ' value='1475784'   \/><label for='answer-id-1475784' id='answer-label-1475784' class=' answer'><span>Single sign-on<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379181[]' id='answer-id-1475785' class='answer   answerof-379181 ' value='1475785'   \/><label for='answer-id-1475785' id='answer-label-1475785' class=' answer'><span>Data integrity checking<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379181[]' id='answer-id-1475786' class='answer   answerof-379181 ' value='1475786'   \/><label for='answer-id-1475786' id='answer-label-1475786' class=' answer'><span>Strong authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379181[]' id='answer-id-1475787' class='answer   answerof-379181 ' value='1475787'   \/><label for='answer-id-1475787' id='answer-label-1475787' class=' answer'><span>Intrusion detection system<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-95' style=';'><div id='questionWrap-95'  class='   watupro-question-id-379182'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>95. <\/span>Which of the following is the MOST important foundational element of an effective three lines of defense model for an organization?<\/div><input type='hidden' name='question_id[]' id='qID_95' value='379182' \/><input type='hidden' id='answerType379182' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379182[]' id='answer-id-1475788' class='answer   answerof-379182 ' value='1475788'   \/><label for='answer-id-1475788' id='answer-label-1475788' class=' answer'><span>A robust risk aggregation tool set<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379182[]' id='answer-id-1475789' class='answer   answerof-379182 ' value='1475789'   \/><label for='answer-id-1475789' id='answer-label-1475789' class=' answer'><span>Clearly defined roles and responsibilities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379182[]' id='answer-id-1475790' class='answer   answerof-379182 ' value='1475790'   \/><label for='answer-id-1475790' id='answer-label-1475790' class=' answer'><span>A well-established risk management committee<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379182[]' id='answer-id-1475791' class='answer   answerof-379182 ' value='1475791'   \/><label for='answer-id-1475791' id='answer-label-1475791' class=' answer'><span>Well-documented and communicated escalation procedures<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-96' style=';'><div id='questionWrap-96'  class='   watupro-question-id-379183'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>96. <\/span>Which of the following is the MOST important characteristic of an effective risk management program?<\/div><input type='hidden' name='question_id[]' id='qID_96' value='379183' \/><input type='hidden' id='answerType379183' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379183[]' id='answer-id-1475792' class='answer   answerof-379183 ' value='1475792'   \/><label for='answer-id-1475792' id='answer-label-1475792' class=' answer'><span>Risk response plans are documented<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379183[]' id='answer-id-1475793' class='answer   answerof-379183 ' value='1475793'   \/><label for='answer-id-1475793' id='answer-label-1475793' class=' answer'><span>Controls are mapped to key risk scenarios.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379183[]' id='answer-id-1475794' class='answer   answerof-379183 ' value='1475794'   \/><label for='answer-id-1475794' id='answer-label-1475794' class=' answer'><span>Key risk indicators are defined.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379183[]' id='answer-id-1475795' class='answer   answerof-379183 ' value='1475795'   \/><label for='answer-id-1475795' id='answer-label-1475795' class=' answer'><span>Risk ownership is assigned<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-97' style=';'><div id='questionWrap-97'  class='   watupro-question-id-379184'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>97. <\/span>In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?<\/div><input type='hidden' name='question_id[]' id='qID_97' value='379184' \/><input type='hidden' id='answerType379184' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379184[]' id='answer-id-1475796' class='answer   answerof-379184 ' value='1475796'   \/><label for='answer-id-1475796' id='answer-label-1475796' class=' answer'><span>Risk questionnaire<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379184[]' id='answer-id-1475797' class='answer   answerof-379184 ' value='1475797'   \/><label for='answer-id-1475797' id='answer-label-1475797' class=' answer'><span>Risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379184[]' id='answer-id-1475798' class='answer   answerof-379184 ' value='1475798'   \/><label for='answer-id-1475798' id='answer-label-1475798' class=' answer'><span>Management assertion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379184[]' id='answer-id-1475799' class='answer   answerof-379184 ' value='1475799'   \/><label for='answer-id-1475799' id='answer-label-1475799' class=' answer'><span>Compliance manual<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-98' style=';'><div id='questionWrap-98'  class='   watupro-question-id-379185'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>98. <\/span>Which of the following should be the PRIMARY input when designing IT controls?<\/div><input type='hidden' name='question_id[]' id='qID_98' value='379185' \/><input type='hidden' id='answerType379185' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379185[]' id='answer-id-1475800' class='answer   answerof-379185 ' value='1475800'   \/><label for='answer-id-1475800' id='answer-label-1475800' class=' answer'><span>Benchmark of industry standards<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379185[]' id='answer-id-1475801' class='answer   answerof-379185 ' value='1475801'   \/><label for='answer-id-1475801' id='answer-label-1475801' class=' answer'><span>Internal and external risk reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379185[]' id='answer-id-1475802' class='answer   answerof-379185 ' value='1475802'   \/><label for='answer-id-1475802' id='answer-label-1475802' class=' answer'><span>Recommendations from IT risk experts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379185[]' id='answer-id-1475803' class='answer   answerof-379185 ' value='1475803'   \/><label for='answer-id-1475803' id='answer-label-1475803' class=' answer'><span>Outcome of control self-assessments<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-99' style=';'><div id='questionWrap-99'  class='   watupro-question-id-379186'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>99. <\/span>A risk practitioners PRIMARY focus when validating a risk response action plan should be that risk response:<\/div><input type='hidden' name='question_id[]' id='qID_99' value='379186' \/><input type='hidden' id='answerType379186' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379186[]' id='answer-id-1475804' class='answer   answerof-379186 ' value='1475804'   \/><label for='answer-id-1475804' id='answer-label-1475804' class=' answer'><span>reduces risk to an acceptable level<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379186[]' id='answer-id-1475805' class='answer   answerof-379186 ' value='1475805'   \/><label for='answer-id-1475805' id='answer-label-1475805' class=' answer'><span>quantifies risk impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379186[]' id='answer-id-1475806' class='answer   answerof-379186 ' value='1475806'   \/><label for='answer-id-1475806' id='answer-label-1475806' class=' answer'><span>aligns with business strategy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379186[]' id='answer-id-1475807' class='answer   answerof-379186 ' value='1475807'   \/><label for='answer-id-1475807' id='answer-label-1475807' class=' answer'><span>advances business objectives.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-100' style=';'><div id='questionWrap-100'  class='   watupro-question-id-379187'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>100. <\/span>Which of the following roles would provide the MOST important input when identifying IT risk scenarios?<\/div><input type='hidden' name='question_id[]' id='qID_100' value='379187' \/><input type='hidden' id='answerType379187' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379187[]' id='answer-id-1475808' class='answer   answerof-379187 ' value='1475808'   \/><label for='answer-id-1475808' id='answer-label-1475808' class=' answer'><span>Information security managers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379187[]' id='answer-id-1475809' class='answer   answerof-379187 ' value='1475809'   \/><label for='answer-id-1475809' id='answer-label-1475809' class=' answer'><span>Internal auditors<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379187[]' id='answer-id-1475810' class='answer   answerof-379187 ' value='1475810'   \/><label for='answer-id-1475810' id='answer-label-1475810' class=' answer'><span>Business process owners<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-379187[]' id='answer-id-1475811' class='answer   answerof-379187 ' value='1475811'   \/><label for='answer-id-1475811' id='answer-label-1475811' class=' answer'><span>Operational risk managers<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-101'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons9470\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"9470\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-04-13 18:42:05\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1776105725\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"379088:1475412,1475413,1475414,1475415 | 379089:1475416,1475417,1475418,1475419 | 379090:1475420,1475421,1475422,1475423 | 379091:1475424,1475425,1475426,1475427 | 379092:1475428,1475429,1475430,1475431 | 379093:1475432,1475433,1475434,1475435 | 379094:1475436,1475437,1475438,1475439 | 379095:1475440,1475441,1475442,1475443 | 379096:1475444,1475445,1475446,1475447 | 379097:1475448,1475449,1475450,1475451 | 379098:1475452,1475453,1475454,1475455 | 379099:1475456,1475457,1475458,1475459 | 379100:1475460,1475461,1475462,1475463 | 379101:1475464,1475465,1475466,1475467 | 379102:1475468,1475469,1475470,1475471 | 379103:1475472,1475473,1475474,1475475 | 379104:1475476,1475477,1475478,1475479 | 379105:1475480,1475481,1475482,1475483 | 379106:1475484,1475485,1475486,1475487 | 379107:1475488,1475489,1475490,1475491 | 379108:1475492,1475493,1475494,1475495 | 379109:1475496,1475497,1475498,1475499 | 379110:1475500,1475501,1475502,1475503 | 379111:1475504,1475505,1475506,1475507 | 379112:1475508,1475509,1475510,1475511 | 379113:1475512,1475513,1475514,1475515 | 379114:1475516,1475517,1475518,1475519 | 379115:1475520,1475521,1475522,1475523 | 379116:1475524,1475525,1475526,1475527 | 379117:1475528,1475529,1475530,1475531 | 379118:1475532,1475533,1475534,1475535 | 379119:1475536,1475537,1475538,1475539 | 379120:1475540,1475541,1475542,1475543 | 379121:1475544,1475545,1475546,1475547 | 379122:1475548,1475549,1475550,1475551 | 379123:1475552,1475553,1475554,1475555 | 379124:1475556,1475557,1475558,1475559 | 379125:1475560,1475561,1475562,1475563 | 379126:1475564,1475565,1475566,1475567 | 379127:1475568,1475569,1475570,1475571 | 379128:1475572,1475573,1475574,1475575 | 379129:1475576,1475577,1475578,1475579 | 379130:1475580,1475581,1475582,1475583 | 379131:1475584,1475585,1475586,1475587 | 379132:1475588,1475589,1475590,1475591 | 379133:1475592,1475593,1475594,1475595 | 379134:1475596,1475597,1475598,1475599 | 379135:1475600,1475601,1475602,1475603 | 379136:1475604,1475605,1475606,1475607 | 379137:1475608,1475609,1475610,1475611 | 379138:1475612,1475613,1475614,1475615 | 379139:1475616,1475617,1475618,1475619 | 379140:1475620,1475621,1475622,1475623 | 379141:1475624,1475625,1475626,1475627 | 379142:1475628,1475629,1475630,1475631 | 379143:1475632,1475633,1475634,1475635 | 379144:1475636,1475637,1475638,1475639 | 379145:1475640,1475641,1475642,1475643 | 379146:1475644,1475645,1475646,1475647 | 379147:1475648,1475649,1475650,1475651 | 379148:1475652,1475653,1475654,1475655 | 379149:1475656,1475657,1475658,1475659 | 379150:1475660,1475661,1475662,1475663 | 379151:1475664,1475665,1475666,1475667 | 379152:1475668,1475669,1475670,1475671 | 379153:1475672,1475673,1475674,1475675 | 379154:1475676,1475677,1475678,1475679 | 379155:1475680,1475681,1475682,1475683 | 379156:1475684,1475685,1475686,1475687 | 379157:1475688,1475689,1475690,1475691 | 379158:1475692,1475693,1475694,1475695 | 379159:1475696,1475697,1475698,1475699 | 379160:1475700,1475701,1475702,1475703 | 379161:1475704,1475705,1475706,1475707 | 379162:1475708,1475709,1475710,1475711 | 379163:1475712,1475713,1475714,1475715 | 379164:1475716,1475717,1475718,1475719 | 379165:1475720,1475721,1475722,1475723 | 379166:1475724,1475725,1475726,1475727 | 379167:1475728,1475729,1475730,1475731 | 379168:1475732,1475733,1475734,1475735 | 379169:1475736,1475737,1475738,1475739 | 379170:1475740,1475741,1475742,1475743 | 379171:1475744,1475745,1475746,1475747 | 379172:1475748,1475749,1475750,1475751 | 379173:1475752,1475753,1475754,1475755 | 379174:1475756,1475757,1475758,1475759 | 379175:1475760,1475761,1475762,1475763 | 379176:1475764,1475765,1475766,1475767 | 379177:1475768,1475769,1475770,1475771 | 379178:1475772,1475773,1475774,1475775 | 379179:1475776,1475777,1475778,1475779 | 379180:1475780,1475781,1475782,1475783 | 379181:1475784,1475785,1475786,1475787 | 379182:1475788,1475789,1475790,1475791 | 379183:1475792,1475793,1475794,1475795 | 379184:1475796,1475797,1475798,1475799 | 379185:1475800,1475801,1475802,1475803 | 379186:1475804,1475805,1475806,1475807 | 379187:1475808,1475809,1475810,1475811\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"379088,379089,379090,379091,379092,379093,379094,379095,379096,379097,379098,379099,379100,379101,379102,379103,379104,379105,379106,379107,379108,379109,379110,379111,379112,379113,379114,379115,379116,379117,379118,379119,379120,379121,379122,379123,379124,379125,379126,379127,379128,379129,379130,379131,379132,379133,379134,379135,379136,379137,379138,379139,379140,379141,379142,379143,379144,379145,379146,379147,379148,379149,379150,379151,379152,379153,379154,379155,379156,379157,379158,379159,379160,379161,379162,379163,379164,379165,379166,379167,379168,379169,379170,379171,379172,379173,379174,379175,379176,379177,379178,379179,379180,379181,379182,379183,379184,379185,379186,379187\";\nWatuPROSettings[9470] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 9470;\t    \nWatuPRO.post_id = 105142;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.35965000 1776105725\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(9470);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>Now, you can achieve the Certified in Risk and Information Systems Control (CRISC) certification by studying the most updated CRISC dumps (V13.02). DumpsBase ensures that you can prepare well with the most current CRISC exam questions. DumpsBase CRISC dumps (V13.02) provide a valuable tool for effective preparation, offering comprehensive coverage, realistic practice, and the flexibility [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[429,431],"tags":[10589,10592],"class_list":["post-105142","post","type-post","status-publish","format-standard","hentry","category-isaca","category-isaca-certificaton","tag-crisc-dumps","tag-crisc-exam-questions"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/105142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=105142"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/105142\/revisions"}],"predecessor-version":[{"id":105143,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/105142\/revisions\/105143"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=105142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=105142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=105142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}