{"id":35194,"date":"2022-02-09T00:58:32","date_gmt":"2022-02-09T00:58:32","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=35194"},"modified":"2025-09-22T06:40:39","modified_gmt":"2025-09-22T06:40:39","slug":"isaca-crisc-dumps-questions-updated-2022-pass-certified-in-risk-and-information-systems-control-crisc-exam","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/isaca-crisc-dumps-questions-updated-2022-pass-certified-in-risk-and-information-systems-control-crisc-exam.html","title":{"rendered":"ISACA CRISC Dumps Questions Updated [2022] Pass Certified in Risk and Information Systems Control (CRISC) Exam"},"content":{"rendered":"\r\n<p>How to pass Certified in Risk and Information Systems Control (CRISC) exam successfully? ISACA CRISC dumps questions of DumpsBase have been updated with actual questions and answers, which could be the best study materials for good preparation. The most updated CRISC exam dumps bring you actual Q&amp;As, allowing you read all of them with the pdf file and testing engine, which are the two main formats of DumpsBase to help you practice CRISC dumps questions and answers. We ensure that you can pass your ISACA CRISC exam successfully in the first attempt.<\/p>\r\n<h2>Try to read <span style=\"background-color: #ff0000;\">CRISC free dumps<\/span> before buying updated CRISC dumps questions.<\/h2>\r\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam6043\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-6043\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-6043\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-207878'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>The PRIMARY objective for selecting risk response options is to:<\/div><input type='hidden' name='question_id[]' id='qID_1' value='207878' \/><input type='hidden' id='answerType207878' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207878[]' id='answer-id-830335' class='answer   answerof-207878 ' value='830335'   \/><label for='answer-id-830335' id='answer-label-830335' class=' answer'><span>reduce risk 10 an acceptable level.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207878[]' id='answer-id-830336' class='answer   answerof-207878 ' value='830336'   \/><label for='answer-id-830336' id='answer-label-830336' class=' answer'><span>identify compensating controls.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207878[]' id='answer-id-830337' class='answer   answerof-207878 ' value='830337'   \/><label for='answer-id-830337' id='answer-label-830337' class=' answer'><span>minimize residual risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207878[]' id='answer-id-830338' class='answer   answerof-207878 ' value='830338'   \/><label for='answer-id-830338' id='answer-label-830338' class=' answer'><span>reduce risk factors.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-207879'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. Of the following, who should be notified of this new information FIRST.<\/div><input type='hidden' name='question_id[]' id='qID_2' value='207879' \/><input type='hidden' id='answerType207879' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207879[]' id='answer-id-830339' class='answer   answerof-207879 ' value='830339'   \/><label for='answer-id-830339' id='answer-label-830339' class=' answer'><span>The risk owner who also owns the business service enabled by this infrastructure<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207879[]' id='answer-id-830340' class='answer   answerof-207879 ' value='830340'   \/><label for='answer-id-830340' id='answer-label-830340' class=' answer'><span>The data center manager who is also employed under the managed hosting services contract<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207879[]' id='answer-id-830341' class='answer   answerof-207879 ' value='830341'   \/><label for='answer-id-830341' id='answer-label-830341' class=' answer'><span>The site manager who is required to provide annual risk assessments under the contract<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207879[]' id='answer-id-830342' class='answer   answerof-207879 ' value='830342'   \/><label for='answer-id-830342' id='answer-label-830342' class=' answer'><span>The chief information officer (CIO) who is responsible for the hosted services<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-207880'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation . <br \/>\r<br>Which of the following materials would be MOST helpful?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='207880' \/><input type='hidden' id='answerType207880' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207880[]' id='answer-id-830343' class='answer   answerof-207880 ' value='830343'   \/><label for='answer-id-830343' id='answer-label-830343' class=' answer'><span>IT risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207880[]' id='answer-id-830344' class='answer   answerof-207880 ' value='830344'   \/><label for='answer-id-830344' id='answer-label-830344' class=' answer'><span>List of key risk indicators<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207880[]' id='answer-id-830345' class='answer   answerof-207880 ' value='830345'   \/><label for='answer-id-830345' id='answer-label-830345' class=' answer'><span>Internal audit reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207880[]' id='answer-id-830346' class='answer   answerof-207880 ' value='830346'   \/><label for='answer-id-830346' id='answer-label-830346' class=' answer'><span>List of approved projects<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-207881'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='207881' \/><input type='hidden' id='answerType207881' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207881[]' id='answer-id-830347' class='answer   answerof-207881 ' value='830347'   \/><label for='answer-id-830347' id='answer-label-830347' class=' answer'><span>Number of tickets for provisioning new accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207881[]' id='answer-id-830348' class='answer   answerof-207881 ' value='830348'   \/><label for='answer-id-830348' id='answer-label-830348' class=' answer'><span>Average time to provision user accounts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207881[]' id='answer-id-830349' class='answer   answerof-207881 ' value='830349'   \/><label for='answer-id-830349' id='answer-label-830349' class=' answer'><span>Password reset volume per month<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207881[]' id='answer-id-830350' class='answer   answerof-207881 ' value='830350'   \/><label for='answer-id-830350' id='answer-label-830350' class=' answer'><span>Average account lockout time<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-207882'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>A risk practitioner is assisting with the preparation of a report on the organization s disaster recovery (DR) capabilities . <br \/>\r<br>Which information would have the MOST impact on the overall recovery profile?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='207882' \/><input type='hidden' id='answerType207882' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207882[]' id='answer-id-830351' class='answer   answerof-207882 ' value='830351'   \/><label for='answer-id-830351' id='answer-label-830351' class=' answer'><span>The percentage of systems meeting recovery target times has increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207882[]' id='answer-id-830352' class='answer   answerof-207882 ' value='830352'   \/><label for='answer-id-830352' id='answer-label-830352' class=' answer'><span>The number of systems tested in the last year has increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207882[]' id='answer-id-830353' class='answer   answerof-207882 ' value='830353'   \/><label for='answer-id-830353' id='answer-label-830353' class=' answer'><span>The number of systems requiring a recovery plan has increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207882[]' id='answer-id-830354' class='answer   answerof-207882 ' value='830354'   \/><label for='answer-id-830354' id='answer-label-830354' class=' answer'><span>The percentage of systems with long recovery target times has decreased.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-207883'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='207883' \/><input type='hidden' id='answerType207883' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207883[]' id='answer-id-830355' class='answer   answerof-207883 ' value='830355'   \/><label for='answer-id-830355' id='answer-label-830355' class=' answer'><span>Risk tolerance is decreased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207883[]' id='answer-id-830356' class='answer   answerof-207883 ' value='830356'   \/><label for='answer-id-830356' id='answer-label-830356' class=' answer'><span>Residual risk is increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207883[]' id='answer-id-830357' class='answer   answerof-207883 ' value='830357'   \/><label for='answer-id-830357' id='answer-label-830357' class=' answer'><span>Inherent risk is increased.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207883[]' id='answer-id-830358' class='answer   answerof-207883 ' value='830358'   \/><label for='answer-id-830358' id='answer-label-830358' class=' answer'><span>Risk appetite is decreased<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-207884'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='207884' \/><input type='hidden' id='answerType207884' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207884[]' id='answer-id-830359' class='answer   answerof-207884 ' value='830359'   \/><label for='answer-id-830359' id='answer-label-830359' class=' answer'><span>Closed management action plans from the previous audit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207884[]' id='answer-id-830360' class='answer   answerof-207884 ' value='830360'   \/><label for='answer-id-830360' id='answer-label-830360' class=' answer'><span>Annual risk assessment results<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207884[]' id='answer-id-830361' class='answer   answerof-207884 ' value='830361'   \/><label for='answer-id-830361' id='answer-label-830361' class=' answer'><span>An updated vulnerability management report<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207884[]' id='answer-id-830362' class='answer   answerof-207884 ' value='830362'   \/><label for='answer-id-830362' id='answer-label-830362' class=' answer'><span>A list of identified generic risk scenarios<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-207885'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>The MAIN purpose of conducting a control self-assessment (CSA) is to:<\/div><input type='hidden' name='question_id[]' id='qID_8' value='207885' \/><input type='hidden' id='answerType207885' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207885[]' id='answer-id-830363' class='answer   answerof-207885 ' value='830363'   \/><label for='answer-id-830363' id='answer-label-830363' class=' answer'><span>gain a better understanding of the control effectiveness in the organization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207885[]' id='answer-id-830364' class='answer   answerof-207885 ' value='830364'   \/><label for='answer-id-830364' id='answer-label-830364' class=' answer'><span>gain a better understanding of the risk in the organization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207885[]' id='answer-id-830365' class='answer   answerof-207885 ' value='830365'   \/><label for='answer-id-830365' id='answer-label-830365' class=' answer'><span>adjust the controls prior to an external audit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207885[]' id='answer-id-830366' class='answer   answerof-207885 ' value='830366'   \/><label for='answer-id-830366' id='answer-label-830366' class=' answer'><span>reduce the dependency on external audits<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-207886'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Which of the following attributes of a key risk indicator (KRI) is MOST important?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='207886' \/><input type='hidden' id='answerType207886' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207886[]' id='answer-id-830367' class='answer   answerof-207886 ' value='830367'   \/><label for='answer-id-830367' id='answer-label-830367' class=' answer'><span>Repeatable<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207886[]' id='answer-id-830368' class='answer   answerof-207886 ' value='830368'   \/><label for='answer-id-830368' id='answer-label-830368' class=' answer'><span>Automated<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207886[]' id='answer-id-830369' class='answer   answerof-207886 ' value='830369'   \/><label for='answer-id-830369' id='answer-label-830369' class=' answer'><span>Quantitative<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207886[]' id='answer-id-830370' class='answer   answerof-207886 ' value='830370'   \/><label for='answer-id-830370' id='answer-label-830370' class=' answer'><span>Qualitative<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-207887'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>A contract associated with a cloud service provider MUST include:<\/div><input type='hidden' name='question_id[]' id='qID_10' value='207887' \/><input type='hidden' id='answerType207887' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207887[]' id='answer-id-830371' class='answer   answerof-207887 ' value='830371'   \/><label for='answer-id-830371' id='answer-label-830371' class=' answer'><span>ownership of responsibilities.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207887[]' id='answer-id-830372' class='answer   answerof-207887 ' value='830372'   \/><label for='answer-id-830372' id='answer-label-830372' class=' answer'><span>a business recovery plan.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207887[]' id='answer-id-830373' class='answer   answerof-207887 ' value='830373'   \/><label for='answer-id-830373' id='answer-label-830373' class=' answer'><span>provision for source code escrow.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207887[]' id='answer-id-830374' class='answer   answerof-207887 ' value='830374'   \/><label for='answer-id-830374' id='answer-label-830374' class=' answer'><span>the providers financial statements.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-207888'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>Who should be accountable for ensuring effective cybersecurity controls are established?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='207888' \/><input type='hidden' id='answerType207888' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207888[]' id='answer-id-830375' class='answer   answerof-207888 ' value='830375'   \/><label for='answer-id-830375' id='answer-label-830375' class=' answer'><span>Risk owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207888[]' id='answer-id-830376' class='answer   answerof-207888 ' value='830376'   \/><label for='answer-id-830376' id='answer-label-830376' class=' answer'><span>Security management function<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207888[]' id='answer-id-830377' class='answer   answerof-207888 ' value='830377'   \/><label for='answer-id-830377' id='answer-label-830377' class=' answer'><span>IT management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207888[]' id='answer-id-830378' class='answer   answerof-207888 ' value='830378'   \/><label for='answer-id-830378' id='answer-label-830378' class=' answer'><span>Enterprise risk function<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-207889'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>Which of the following is the BEST method to identify unnecessary controls?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='207889' \/><input type='hidden' id='answerType207889' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207889[]' id='answer-id-830379' class='answer   answerof-207889 ' value='830379'   \/><label for='answer-id-830379' id='answer-label-830379' class=' answer'><span>Evaluating the impact of removing existing controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207889[]' id='answer-id-830380' class='answer   answerof-207889 ' value='830380'   \/><label for='answer-id-830380' id='answer-label-830380' class=' answer'><span>Evaluating existing controls against audit requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207889[]' id='answer-id-830381' class='answer   answerof-207889 ' value='830381'   \/><label for='answer-id-830381' id='answer-label-830381' class=' answer'><span>Reviewing system functionalities associated with business processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207889[]' id='answer-id-830382' class='answer   answerof-207889 ' value='830382'   \/><label for='answer-id-830382' id='answer-label-830382' class=' answer'><span>Monitoring existing key risk indicators (KRIs)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-207890'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='207890' \/><input type='hidden' id='answerType207890' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207890[]' id='answer-id-830383' class='answer   answerof-207890 ' value='830383'   \/><label for='answer-id-830383' id='answer-label-830383' class=' answer'><span>It compares performance levels of IT assets to value delivered.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207890[]' id='answer-id-830384' class='answer   answerof-207890 ' value='830384'   \/><label for='answer-id-830384' id='answer-label-830384' class=' answer'><span>It facilitates the alignment of strategic IT objectives to business objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207890[]' id='answer-id-830385' class='answer   answerof-207890 ' value='830385'   \/><label for='answer-id-830385' id='answer-label-830385' class=' answer'><span>It provides input to business managers when preparing a business case for new IT projects.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207890[]' id='answer-id-830386' class='answer   answerof-207890 ' value='830386'   \/><label for='answer-id-830386' id='answer-label-830386' class=' answer'><span>It helps assess the effects of IT decisions on risk exposure<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-207891'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='207891' \/><input type='hidden' id='answerType207891' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207891[]' id='answer-id-830387' class='answer   answerof-207891 ' value='830387'   \/><label for='answer-id-830387' id='answer-label-830387' class=' answer'><span>Ensuring availability of resources for log analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207891[]' id='answer-id-830388' class='answer   answerof-207891 ' value='830388'   \/><label for='answer-id-830388' id='answer-label-830388' class=' answer'><span>Implementing log analysis tools to automate controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207891[]' id='answer-id-830389' class='answer   answerof-207891 ' value='830389'   \/><label for='answer-id-830389' id='answer-label-830389' class=' answer'><span>Ensuring the control is proportional to the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207891[]' id='answer-id-830390' class='answer   answerof-207891 ' value='830390'   \/><label for='answer-id-830390' id='answer-label-830390' class=' answer'><span>Building correlations between logs collected from different sources<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-207892'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='207892' \/><input type='hidden' id='answerType207892' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207892[]' id='answer-id-830391' class='answer   answerof-207892 ' value='830391'   \/><label for='answer-id-830391' id='answer-label-830391' class=' answer'><span>Login attempts are reconciled to a list of terminated employees.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207892[]' id='answer-id-830392' class='answer   answerof-207892 ' value='830392'   \/><label for='answer-id-830392' id='answer-label-830392' class=' answer'><span>A list of terminated employees is generated for reconciliation against current IT access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207892[]' id='answer-id-830393' class='answer   answerof-207892 ' value='830393'   \/><label for='answer-id-830393' id='answer-label-830393' class=' answer'><span>A process to remove employee access during the exit interview is implemented.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207892[]' id='answer-id-830394' class='answer   answerof-207892 ' value='830394'   \/><label for='answer-id-830394' id='answer-label-830394' class=' answer'><span>The human resources (HR) system automatically revokes system access.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-207893'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>Who is the MOST appropriate owner for newly identified IT risk?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='207893' \/><input type='hidden' id='answerType207893' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207893[]' id='answer-id-830395' class='answer   answerof-207893 ' value='830395'   \/><label for='answer-id-830395' id='answer-label-830395' class=' answer'><span>The manager responsible for IT operations that will support the risk mitigation efforts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207893[]' id='answer-id-830396' class='answer   answerof-207893 ' value='830396'   \/><label for='answer-id-830396' id='answer-label-830396' class=' answer'><span>The individual with authority to commit organizational resources to mitigate the risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207893[]' id='answer-id-830397' class='answer   answerof-207893 ' value='830397'   \/><label for='answer-id-830397' id='answer-label-830397' class=' answer'><span>A project manager capable of prioritizing the risk remediation efforts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207893[]' id='answer-id-830398' class='answer   answerof-207893 ' value='830398'   \/><label for='answer-id-830398' id='answer-label-830398' class=' answer'><span>The individual with the most IT risk-related subject matter knowledge<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-207894'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='207894' \/><input type='hidden' id='answerType207894' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207894[]' id='answer-id-830399' class='answer   answerof-207894 ' value='830399'   \/><label for='answer-id-830399' id='answer-label-830399' class=' answer'><span>A reduction in the number of help desk calls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207894[]' id='answer-id-830400' class='answer   answerof-207894 ' value='830400'   \/><label for='answer-id-830400' id='answer-label-830400' class=' answer'><span>An increase in the number of identified system flaws<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207894[]' id='answer-id-830401' class='answer   answerof-207894 ' value='830401'   \/><label for='answer-id-830401' id='answer-label-830401' class=' answer'><span>A reduction in the number of user access resets<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207894[]' id='answer-id-830402' class='answer   answerof-207894 ' value='830402'   \/><label for='answer-id-830402' id='answer-label-830402' class=' answer'><span>An increase in the number of incidents reported<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-207895'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which of the following tools is MOST effective in identifying trends in the IT risk profile?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='207895' \/><input type='hidden' id='answerType207895' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207895[]' id='answer-id-830403' class='answer   answerof-207895 ' value='830403'   \/><label for='answer-id-830403' id='answer-label-830403' class=' answer'><span>Risk self-assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207895[]' id='answer-id-830404' class='answer   answerof-207895 ' value='830404'   \/><label for='answer-id-830404' id='answer-label-830404' class=' answer'><span>Risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207895[]' id='answer-id-830405' class='answer   answerof-207895 ' value='830405'   \/><label for='answer-id-830405' id='answer-label-830405' class=' answer'><span>Risk dashboard<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207895[]' id='answer-id-830406' class='answer   answerof-207895 ' value='830406'   \/><label for='answer-id-830406' id='answer-label-830406' class=' answer'><span>Risk map<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-207896'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>A risk practitioner has determined that a key control does not meet design expectations . <br \/>\r<br>Which of the following should be done NEXT?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='207896' \/><input type='hidden' id='answerType207896' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207896[]' id='answer-id-830407' class='answer   answerof-207896 ' value='830407'   \/><label for='answer-id-830407' id='answer-label-830407' class=' answer'><span>Document the finding in the risk register.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207896[]' id='answer-id-830408' class='answer   answerof-207896 ' value='830408'   \/><label for='answer-id-830408' id='answer-label-830408' class=' answer'><span>Invoke the incident response plan.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207896[]' id='answer-id-830409' class='answer   answerof-207896 ' value='830409'   \/><label for='answer-id-830409' id='answer-label-830409' class=' answer'><span>Re-evaluate key risk indicators.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207896[]' id='answer-id-830410' class='answer   answerof-207896 ' value='830410'   \/><label for='answer-id-830410' id='answer-label-830410' class=' answer'><span>Modify the design of the control.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-207897'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='207897' \/><input type='hidden' id='answerType207897' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207897[]' id='answer-id-830411' class='answer   answerof-207897 ' value='830411'   \/><label for='answer-id-830411' id='answer-label-830411' class=' answer'><span>Maintain and review the classified data inventor.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207897[]' id='answer-id-830412' class='answer   answerof-207897 ' value='830412'   \/><label for='answer-id-830412' id='answer-label-830412' class=' answer'><span>Implement mandatory encryption on data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207897[]' id='answer-id-830413' class='answer   answerof-207897 ' value='830413'   \/><label for='answer-id-830413' id='answer-label-830413' class=' answer'><span>Conduct an awareness program for data owners and users.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207897[]' id='answer-id-830414' class='answer   answerof-207897 ' value='830414'   \/><label for='answer-id-830414' id='answer-label-830414' class=' answer'><span>Define and implement a data classification policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-207898'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>Which of the following is the PRIMARY reason to perform ongoing risk assessments?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='207898' \/><input type='hidden' id='answerType207898' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207898[]' id='answer-id-830415' class='answer   answerof-207898 ' value='830415'   \/><label for='answer-id-830415' id='answer-label-830415' class=' answer'><span>Emerging risk must be continuously reported to management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207898[]' id='answer-id-830416' class='answer   answerof-207898 ' value='830416'   \/><label for='answer-id-830416' id='answer-label-830416' class=' answer'><span>New system vulnerabilities emerge at frequent intervals.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207898[]' id='answer-id-830417' class='answer   answerof-207898 ' value='830417'   \/><label for='answer-id-830417' id='answer-label-830417' class=' answer'><span>The risk environment is subject to change.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207898[]' id='answer-id-830418' class='answer   answerof-207898 ' value='830418'   \/><label for='answer-id-830418' id='answer-label-830418' class=' answer'><span>The information security budget must be justified.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-207899'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited . <br \/>\r<br>Which of the following would be the BEST response to this scenario?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='207899' \/><input type='hidden' id='answerType207899' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207899[]' id='answer-id-830419' class='answer   answerof-207899 ' value='830419'   \/><label for='answer-id-830419' id='answer-label-830419' class=' answer'><span>Assess the vulnerability management process.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207899[]' id='answer-id-830420' class='answer   answerof-207899 ' value='830420'   \/><label for='answer-id-830420' id='answer-label-830420' class=' answer'><span>Conduct a control serf-assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207899[]' id='answer-id-830421' class='answer   answerof-207899 ' value='830421'   \/><label for='answer-id-830421' id='answer-label-830421' class=' answer'><span>Conduct a vulnerability assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207899[]' id='answer-id-830422' class='answer   answerof-207899 ' value='830422'   \/><label for='answer-id-830422' id='answer-label-830422' class=' answer'><span>Reassess the inherent risk of the target.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-207900'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='207900' \/><input type='hidden' id='answerType207900' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207900[]' id='answer-id-830423' class='answer   answerof-207900 ' value='830423'   \/><label for='answer-id-830423' id='answer-label-830423' class=' answer'><span>Updating multi-factor authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207900[]' id='answer-id-830424' class='answer   answerof-207900 ' value='830424'   \/><label for='answer-id-830424' id='answer-label-830424' class=' answer'><span>Monitoring key access control performance indicators<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207900[]' id='answer-id-830425' class='answer   answerof-207900 ' value='830425'   \/><label for='answer-id-830425' id='answer-label-830425' class=' answer'><span>Analyzing access control logs for suspicious activity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207900[]' id='answer-id-830426' class='answer   answerof-207900 ' value='830426'   \/><label for='answer-id-830426' id='answer-label-830426' class=' answer'><span>Revising the service level agreement (SLA)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-207901'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network . <br \/>\r<br>Which of the following would be MOST important to include in a report to senior management?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='207901' \/><input type='hidden' id='answerType207901' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207901[]' id='answer-id-830427' class='answer   answerof-207901 ' value='830427'   \/><label for='answer-id-830427' id='answer-label-830427' class=' answer'><span>The network security policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207901[]' id='answer-id-830428' class='answer   answerof-207901 ' value='830428'   \/><label for='answer-id-830428' id='answer-label-830428' class=' answer'><span>Potential business impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207901[]' id='answer-id-830429' class='answer   answerof-207901 ' value='830429'   \/><label for='answer-id-830429' id='answer-label-830429' class=' answer'><span>The WiFi access point configuration<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207901[]' id='answer-id-830430' class='answer   answerof-207901 ' value='830430'   \/><label for='answer-id-830430' id='answer-label-830430' class=' answer'><span>Planned remediation actions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-207902'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>Which of the following is the MOST important element of a successful risk awareness training program?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='207902' \/><input type='hidden' id='answerType207902' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207902[]' id='answer-id-830431' class='answer   answerof-207902 ' value='830431'   \/><label for='answer-id-830431' id='answer-label-830431' class=' answer'><span>Customizing content for the audience<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207902[]' id='answer-id-830432' class='answer   answerof-207902 ' value='830432'   \/><label for='answer-id-830432' id='answer-label-830432' class=' answer'><span>Providing incentives to participants<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207902[]' id='answer-id-830433' class='answer   answerof-207902 ' value='830433'   \/><label for='answer-id-830433' id='answer-label-830433' class=' answer'><span>Mapping to a recognized standard<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207902[]' id='answer-id-830434' class='answer   answerof-207902 ' value='830434'   \/><label for='answer-id-830434' id='answer-label-830434' class=' answer'><span>Providing metrics for measurement<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-207903'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>The number of tickets to rework application code has significantly exceeded the established threshold . <br \/>\r<br>Which of the following would be the risk practitioner s BEST recommendation?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='207903' \/><input type='hidden' id='answerType207903' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207903[]' id='answer-id-830435' class='answer   answerof-207903 ' value='830435'   \/><label for='answer-id-830435' id='answer-label-830435' class=' answer'><span>Perform a root cause analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207903[]' id='answer-id-830436' class='answer   answerof-207903 ' value='830436'   \/><label for='answer-id-830436' id='answer-label-830436' class=' answer'><span>Perform a code review<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207903[]' id='answer-id-830437' class='answer   answerof-207903 ' value='830437'   \/><label for='answer-id-830437' id='answer-label-830437' class=' answer'><span>Implement version control software.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207903[]' id='answer-id-830438' class='answer   answerof-207903 ' value='830438'   \/><label for='answer-id-830438' id='answer-label-830438' class=' answer'><span>Implement training on coding best practices<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-207904'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>An effective control environment is BEST indicated by controls that:<\/div><input type='hidden' name='question_id[]' id='qID_27' value='207904' \/><input type='hidden' id='answerType207904' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207904[]' id='answer-id-830439' class='answer   answerof-207904 ' value='830439'   \/><label for='answer-id-830439' id='answer-label-830439' class=' answer'><span>minimize senior management's risk tolerance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207904[]' id='answer-id-830440' class='answer   answerof-207904 ' value='830440'   \/><label for='answer-id-830440' id='answer-label-830440' class=' answer'><span>manage risk within the organization's risk appetite.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207904[]' id='answer-id-830441' class='answer   answerof-207904 ' value='830441'   \/><label for='answer-id-830441' id='answer-label-830441' class=' answer'><span>reduce the thresholds of key risk indicators (KRIs).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207904[]' id='answer-id-830442' class='answer   answerof-207904 ' value='830442'   \/><label for='answer-id-830442' id='answer-label-830442' class=' answer'><span>are cost-effective to implement<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-207905'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='207905' \/><input type='hidden' id='answerType207905' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207905[]' id='answer-id-830443' class='answer   answerof-207905 ' value='830443'   \/><label for='answer-id-830443' id='answer-label-830443' class=' answer'><span>To build an organizational risk-aware culture<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207905[]' id='answer-id-830444' class='answer   answerof-207905 ' value='830444'   \/><label for='answer-id-830444' id='answer-label-830444' class=' answer'><span>To continuously improve risk management processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207905[]' id='answer-id-830445' class='answer   answerof-207905 ' value='830445'   \/><label for='answer-id-830445' id='answer-label-830445' class=' answer'><span>To comply with legal and regulatory requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207905[]' id='answer-id-830446' class='answer   answerof-207905 ' value='830446'   \/><label for='answer-id-830446' id='answer-label-830446' class=' answer'><span>To identify gaps in risk management practices<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-207906'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='207906' \/><input type='hidden' id='answerType207906' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207906[]' id='answer-id-830447' class='answer   answerof-207906 ' value='830447'   \/><label for='answer-id-830447' id='answer-label-830447' class=' answer'><span>Digital signatures<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207906[]' id='answer-id-830448' class='answer   answerof-207906 ' value='830448'   \/><label for='answer-id-830448' id='answer-label-830448' class=' answer'><span>Encrypted passwords<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207906[]' id='answer-id-830449' class='answer   answerof-207906 ' value='830449'   \/><label for='answer-id-830449' id='answer-label-830449' class=' answer'><span>One-time passwords<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207906[]' id='answer-id-830450' class='answer   answerof-207906 ' value='830450'   \/><label for='answer-id-830450' id='answer-label-830450' class=' answer'><span>Digital certificates<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-207907'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Establishing and organizational code of conduct is an example of which type of control?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='207907' \/><input type='hidden' id='answerType207907' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207907[]' id='answer-id-830451' class='answer   answerof-207907 ' value='830451'   \/><label for='answer-id-830451' id='answer-label-830451' class=' answer'><span>Preventive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207907[]' id='answer-id-830452' class='answer   answerof-207907 ' value='830452'   \/><label for='answer-id-830452' id='answer-label-830452' class=' answer'><span>Directive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207907[]' id='answer-id-830453' class='answer   answerof-207907 ' value='830453'   \/><label for='answer-id-830453' id='answer-label-830453' class=' answer'><span>Detective<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207907[]' id='answer-id-830454' class='answer   answerof-207907 ' value='830454'   \/><label for='answer-id-830454' id='answer-label-830454' class=' answer'><span>Compensating<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-207908'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails . <br \/>\r<br>Which of the following can BEST alleviate this issue while not sacrificing security?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='207908' \/><input type='hidden' id='answerType207908' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207908[]' id='answer-id-830455' class='answer   answerof-207908 ' value='830455'   \/><label for='answer-id-830455' id='answer-label-830455' class=' answer'><span>Implementing record retention tools and techniques<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207908[]' id='answer-id-830456' class='answer   answerof-207908 ' value='830456'   \/><label for='answer-id-830456' id='answer-label-830456' class=' answer'><span>Establishing e-discovery and data loss prevention (DLP)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207908[]' id='answer-id-830457' class='answer   answerof-207908 ' value='830457'   \/><label for='answer-id-830457' id='answer-label-830457' class=' answer'><span>Sending notifications when near storage quota<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207908[]' id='answer-id-830458' class='answer   answerof-207908 ' value='830458'   \/><label for='answer-id-830458' id='answer-label-830458' class=' answer'><span>Implementing a bring your own device 1BVOD) policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-207909'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>Malware has recently affected an organization. <br \/>\r<br>The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:<\/div><input type='hidden' name='question_id[]' id='qID_32' value='207909' \/><input type='hidden' id='answerType207909' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207909[]' id='answer-id-830459' class='answer   answerof-207909 ' value='830459'   \/><label for='answer-id-830459' id='answer-label-830459' class=' answer'><span>a gap analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207909[]' id='answer-id-830460' class='answer   answerof-207909 ' value='830460'   \/><label for='answer-id-830460' id='answer-label-830460' class=' answer'><span>a root cause analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207909[]' id='answer-id-830461' class='answer   answerof-207909 ' value='830461'   \/><label for='answer-id-830461' id='answer-label-830461' class=' answer'><span>an impact assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207909[]' id='answer-id-830462' class='answer   answerof-207909 ' value='830462'   \/><label for='answer-id-830462' id='answer-label-830462' class=' answer'><span>a vulnerability assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-207910'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>Calculation of the recovery time objective (RTO) is necessary to determine the:<\/div><input type='hidden' name='question_id[]' id='qID_33' value='207910' \/><input type='hidden' id='answerType207910' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207910[]' id='answer-id-830463' class='answer   answerof-207910 ' value='830463'   \/><label for='answer-id-830463' id='answer-label-830463' class=' answer'><span>time required to restore files.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207910[]' id='answer-id-830464' class='answer   answerof-207910 ' value='830464'   \/><label for='answer-id-830464' id='answer-label-830464' class=' answer'><span>point of synchronization<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207910[]' id='answer-id-830465' class='answer   answerof-207910 ' value='830465'   \/><label for='answer-id-830465' id='answer-label-830465' class=' answer'><span>priority of restoration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207910[]' id='answer-id-830466' class='answer   answerof-207910 ' value='830466'   \/><label for='answer-id-830466' id='answer-label-830466' class=' answer'><span>annual loss expectancy (ALE).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-207911'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP) . <br \/>\r<br>Which of the following should be done NEXT?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='207911' \/><input type='hidden' id='answerType207911' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207911[]' id='answer-id-830467' class='answer   answerof-207911 ' value='830467'   \/><label for='answer-id-830467' id='answer-label-830467' class=' answer'><span>Report the gap to senior management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207911[]' id='answer-id-830468' class='answer   answerof-207911 ' value='830468'   \/><label for='answer-id-830468' id='answer-label-830468' class=' answer'><span>Consult with the IT department to update the RTO<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207911[]' id='answer-id-830469' class='answer   answerof-207911 ' value='830469'   \/><label for='answer-id-830469' id='answer-label-830469' class=' answer'><span>Complete a risk exception form.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207911[]' id='answer-id-830470' class='answer   answerof-207911 ' value='830470'   \/><label for='answer-id-830470' id='answer-label-830470' class=' answer'><span>Consult with the business owner to update the BCP<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-207912'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='207912' \/><input type='hidden' id='answerType207912' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207912[]' id='answer-id-830471' class='answer   answerof-207912 ' value='830471'   \/><label for='answer-id-830471' id='answer-label-830471' class=' answer'><span>Percentage of systems included in recovery processes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207912[]' id='answer-id-830472' class='answer   answerof-207912 ' value='830472'   \/><label for='answer-id-830472' id='answer-label-830472' class=' answer'><span>Number of key systems hosted<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207912[]' id='answer-id-830473' class='answer   answerof-207912 ' value='830473'   \/><label for='answer-id-830473' id='answer-label-830473' class=' answer'><span>Average response time to resolve system incidents<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207912[]' id='answer-id-830474' class='answer   answerof-207912 ' value='830474'   \/><label for='answer-id-830474' id='answer-label-830474' class=' answer'><span>Percentage of system availability<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-207913'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>Which of the following is the MOST important factor affecting risk management in an organization?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='207913' \/><input type='hidden' id='answerType207913' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207913[]' id='answer-id-830475' class='answer   answerof-207913 ' value='830475'   \/><label for='answer-id-830475' id='answer-label-830475' class=' answer'><span>The risk manager's expertise<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207913[]' id='answer-id-830476' class='answer   answerof-207913 ' value='830476'   \/><label for='answer-id-830476' id='answer-label-830476' class=' answer'><span>Regulatory requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207913[]' id='answer-id-830477' class='answer   answerof-207913 ' value='830477'   \/><label for='answer-id-830477' id='answer-label-830477' class=' answer'><span>Board of directors' expertise<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207913[]' id='answer-id-830478' class='answer   answerof-207913 ' value='830478'   \/><label for='answer-id-830478' id='answer-label-830478' class=' answer'><span>The organization's culture<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-207914'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization . <br \/>\r<br>Which of the following components of this review would provide the MOST useful information?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='207914' \/><input type='hidden' id='answerType207914' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207914[]' id='answer-id-830479' class='answer   answerof-207914 ' value='830479'   \/><label for='answer-id-830479' id='answer-label-830479' class=' answer'><span>Risk appetite statement<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207914[]' id='answer-id-830480' class='answer   answerof-207914 ' value='830480'   \/><label for='answer-id-830480' id='answer-label-830480' class=' answer'><span>Enterprise risk management framework<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207914[]' id='answer-id-830481' class='answer   answerof-207914 ' value='830481'   \/><label for='answer-id-830481' id='answer-label-830481' class=' answer'><span>Risk management policies<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207914[]' id='answer-id-830482' class='answer   answerof-207914 ' value='830482'   \/><label for='answer-id-830482' id='answer-label-830482' class=' answer'><span>Risk register<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-207915'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>Which of the following should be the PRIMARY input when designing IT controls?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='207915' \/><input type='hidden' id='answerType207915' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207915[]' id='answer-id-830483' class='answer   answerof-207915 ' value='830483'   \/><label for='answer-id-830483' id='answer-label-830483' class=' answer'><span>Benchmark of industry standards<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207915[]' id='answer-id-830484' class='answer   answerof-207915 ' value='830484'   \/><label for='answer-id-830484' id='answer-label-830484' class=' answer'><span>Internal and external risk reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207915[]' id='answer-id-830485' class='answer   answerof-207915 ' value='830485'   \/><label for='answer-id-830485' id='answer-label-830485' class=' answer'><span>Recommendations from IT risk experts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207915[]' id='answer-id-830486' class='answer   answerof-207915 ' value='830486'   \/><label for='answer-id-830486' id='answer-label-830486' class=' answer'><span>Outcome of control self-assessments<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-207916'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>A rule-based data loss prevention {DLP) tool has recently been implemented to reduce the risk of sensitive data leakage . <br \/>\r<br>Which of the following is MOST likely to change as a result of this implementation?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='207916' \/><input type='hidden' id='answerType207916' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207916[]' id='answer-id-830487' class='answer   answerof-207916 ' value='830487'   \/><label for='answer-id-830487' id='answer-label-830487' class=' answer'><span>Risk likelihood<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207916[]' id='answer-id-830488' class='answer   answerof-207916 ' value='830488'   \/><label for='answer-id-830488' id='answer-label-830488' class=' answer'><span>Risk velocity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207916[]' id='answer-id-830489' class='answer   answerof-207916 ' value='830489'   \/><label for='answer-id-830489' id='answer-label-830489' class=' answer'><span>Risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207916[]' id='answer-id-830490' class='answer   answerof-207916 ' value='830490'   \/><label for='answer-id-830490' id='answer-label-830490' class=' answer'><span>Risk impact<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-207917'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>The PRIMARY objective of testing the effectiveness of a new control before implementation is to:<\/div><input type='hidden' name='question_id[]' id='qID_40' value='207917' \/><input type='hidden' id='answerType207917' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207917[]' id='answer-id-830491' class='answer   answerof-207917 ' value='830491'   \/><label for='answer-id-830491' id='answer-label-830491' class=' answer'><span>ensure that risk is mitigated by the control.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207917[]' id='answer-id-830492' class='answer   answerof-207917 ' value='830492'   \/><label for='answer-id-830492' id='answer-label-830492' class=' answer'><span>measure efficiency of the control process.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207917[]' id='answer-id-830493' class='answer   answerof-207917 ' value='830493'   \/><label for='answer-id-830493' id='answer-label-830493' class=' answer'><span>confirm control alignment with business objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207917[]' id='answer-id-830494' class='answer   answerof-207917 ' value='830494'   \/><label for='answer-id-830494' id='answer-label-830494' class=' answer'><span>comply with the organization's policy.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-207918'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>Which of the following is the MOST important benefit of key risk indicators (KRIs)'<\/div><input type='hidden' name='question_id[]' id='qID_41' value='207918' \/><input type='hidden' id='answerType207918' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207918[]' id='answer-id-830495' class='answer   answerof-207918 ' value='830495'   \/><label for='answer-id-830495' id='answer-label-830495' class=' answer'><span>Assisting in continually optimizing risk governance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207918[]' id='answer-id-830496' class='answer   answerof-207918 ' value='830496'   \/><label for='answer-id-830496' id='answer-label-830496' class=' answer'><span>Enabling the documentation and analysis of trends<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207918[]' id='answer-id-830497' class='answer   answerof-207918 ' value='830497'   \/><label for='answer-id-830497' id='answer-label-830497' class=' answer'><span>Ensuring compliance with regulatory requirements<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207918[]' id='answer-id-830498' class='answer   answerof-207918 ' value='830498'   \/><label for='answer-id-830498' id='answer-label-830498' class=' answer'><span>Providing an early warning to take proactive actions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-207919'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='207919' \/><input type='hidden' id='answerType207919' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207919[]' id='answer-id-830499' class='answer   answerof-207919 ' value='830499'   \/><label for='answer-id-830499' id='answer-label-830499' class=' answer'><span>Align business objectives to the risk profile.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207919[]' id='answer-id-830500' class='answer   answerof-207919 ' value='830500'   \/><label for='answer-id-830500' id='answer-label-830500' class=' answer'><span>Assess risk against business objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207919[]' id='answer-id-830501' class='answer   answerof-207919 ' value='830501'   \/><label for='answer-id-830501' id='answer-label-830501' class=' answer'><span>Implement an organization-specific risk taxonomy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207919[]' id='answer-id-830502' class='answer   answerof-207919 ' value='830502'   \/><label for='answer-id-830502' id='answer-label-830502' class=' answer'><span>Explain risk details to management.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-207920'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='207920' \/><input type='hidden' id='answerType207920' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207920[]' id='answer-id-830503' class='answer   answerof-207920 ' value='830503'   \/><label for='answer-id-830503' id='answer-label-830503' class=' answer'><span>Risk mitigation budget<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207920[]' id='answer-id-830504' class='answer   answerof-207920 ' value='830504'   \/><label for='answer-id-830504' id='answer-label-830504' class=' answer'><span>Business Impact analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207920[]' id='answer-id-830505' class='answer   answerof-207920 ' value='830505'   \/><label for='answer-id-830505' id='answer-label-830505' class=' answer'><span>Cost-benefit analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207920[]' id='answer-id-830506' class='answer   answerof-207920 ' value='830506'   \/><label for='answer-id-830506' id='answer-label-830506' class=' answer'><span>Return on investment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-207921'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. <br \/>\r<br>Of the following, who should be accountable?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='207921' \/><input type='hidden' id='answerType207921' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207921[]' id='answer-id-830507' class='answer   answerof-207921 ' value='830507'   \/><label for='answer-id-830507' id='answer-label-830507' class=' answer'><span>Business continuity manager (BCM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207921[]' id='answer-id-830508' class='answer   answerof-207921 ' value='830508'   \/><label for='answer-id-830508' id='answer-label-830508' class=' answer'><span>Human resources manager (HRM)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207921[]' id='answer-id-830509' class='answer   answerof-207921 ' value='830509'   \/><label for='answer-id-830509' id='answer-label-830509' class=' answer'><span>Chief risk officer (CRO)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207921[]' id='answer-id-830510' class='answer   answerof-207921 ' value='830510'   \/><label for='answer-id-830510' id='answer-label-830510' class=' answer'><span>Chief information officer (CIO)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-207922'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security . <br \/>\r<br>Which of the following observations would be MOST relevant to escalate to senior management?<\/div><input type='hidden' name='question_id[]' id='qID_45' value='207922' \/><input type='hidden' id='answerType207922' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207922[]' id='answer-id-830511' class='answer   answerof-207922 ' value='830511'   \/><label for='answer-id-830511' id='answer-label-830511' class=' answer'><span>An increase in attempted distributed denial of service (DDoS) attacks<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207922[]' id='answer-id-830512' class='answer   answerof-207922 ' value='830512'   \/><label for='answer-id-830512' id='answer-label-830512' class=' answer'><span>An increase in attempted website phishing attacks<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207922[]' id='answer-id-830513' class='answer   answerof-207922 ' value='830513'   \/><label for='answer-id-830513' id='answer-label-830513' class=' answer'><span>A decrease in achievement of service level agreements (SLAs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207922[]' id='answer-id-830514' class='answer   answerof-207922 ' value='830514'   \/><label for='answer-id-830514' id='answer-label-830514' class=' answer'><span>A decrease in remediated web security vulnerabilities<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-207923'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?<\/div><input type='hidden' name='question_id[]' id='qID_46' value='207923' \/><input type='hidden' id='answerType207923' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207923[]' id='answer-id-830515' class='answer   answerof-207923 ' value='830515'   \/><label for='answer-id-830515' id='answer-label-830515' class=' answer'><span>Key risk indicator (KRI) thresholds<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207923[]' id='answer-id-830516' class='answer   answerof-207923 ' value='830516'   \/><label for='answer-id-830516' id='answer-label-830516' class=' answer'><span>Inherent risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207923[]' id='answer-id-830517' class='answer   answerof-207923 ' value='830517'   \/><label for='answer-id-830517' id='answer-label-830517' class=' answer'><span>Risk likelihood and impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207923[]' id='answer-id-830518' class='answer   answerof-207923 ' value='830518'   \/><label for='answer-id-830518' id='answer-label-830518' class=' answer'><span>Risk velocity<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-207924'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>Which of the following would be a risk practitioners BEST recommendation for preventing cyber intrusion?<\/div><input type='hidden' name='question_id[]' id='qID_47' value='207924' \/><input type='hidden' id='answerType207924' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207924[]' id='answer-id-830519' class='answer   answerof-207924 ' value='830519'   \/><label for='answer-id-830519' id='answer-label-830519' class=' answer'><span>Establish a cyber response plan<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207924[]' id='answer-id-830520' class='answer   answerof-207924 ' value='830520'   \/><label for='answer-id-830520' id='answer-label-830520' class=' answer'><span>Implement data loss prevention (DLP) tools.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207924[]' id='answer-id-830521' class='answer   answerof-207924 ' value='830521'   \/><label for='answer-id-830521' id='answer-label-830521' class=' answer'><span>Implement network segregation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207924[]' id='answer-id-830522' class='answer   answerof-207924 ' value='830522'   \/><label for='answer-id-830522' id='answer-label-830522' class=' answer'><span>Strengthen vulnerability remediation efforts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-207925'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>An organization wants to assess the maturity of its internal control environment. <br \/>\r<br>The FIRST step should be to:<\/div><input type='hidden' name='question_id[]' id='qID_48' value='207925' \/><input type='hidden' id='answerType207925' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207925[]' id='answer-id-830523' class='answer   answerof-207925 ' value='830523'   \/><label for='answer-id-830523' id='answer-label-830523' class=' answer'><span>validate control process execution.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207925[]' id='answer-id-830524' class='answer   answerof-207925 ' value='830524'   \/><label for='answer-id-830524' id='answer-label-830524' class=' answer'><span>determine if controls are effective.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207925[]' id='answer-id-830525' class='answer   answerof-207925 ' value='830525'   \/><label for='answer-id-830525' id='answer-label-830525' class=' answer'><span>identify key process owners.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207925[]' id='answer-id-830526' class='answer   answerof-207925 ' value='830526'   \/><label for='answer-id-830526' id='answer-label-830526' class=' answer'><span>conduct a baseline assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-207926'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>Which of the following roles would provide the MOST important input when identifying IT risk scenarios?<\/div><input type='hidden' name='question_id[]' id='qID_49' value='207926' \/><input type='hidden' id='answerType207926' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207926[]' id='answer-id-830527' class='answer   answerof-207926 ' value='830527'   \/><label for='answer-id-830527' id='answer-label-830527' class=' answer'><span>Information security managers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207926[]' id='answer-id-830528' class='answer   answerof-207926 ' value='830528'   \/><label for='answer-id-830528' id='answer-label-830528' class=' answer'><span>Internal auditors<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207926[]' id='answer-id-830529' class='answer   answerof-207926 ' value='830529'   \/><label for='answer-id-830529' id='answer-label-830529' class=' answer'><span>Business process owners<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207926[]' id='answer-id-830530' class='answer   answerof-207926 ' value='830530'   \/><label for='answer-id-830530' id='answer-label-830530' class=' answer'><span>Operational risk managers<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-207927'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>Which of the following risk register updates is MOST important for senior management to review?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='207927' \/><input type='hidden' id='answerType207927' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207927[]' id='answer-id-830531' class='answer   answerof-207927 ' value='830531'   \/><label for='answer-id-830531' id='answer-label-830531' class=' answer'><span>Extending the date of a future action plan by two months<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207927[]' id='answer-id-830532' class='answer   answerof-207927 ' value='830532'   \/><label for='answer-id-830532' id='answer-label-830532' class=' answer'><span>Retiring a risk scenario no longer used<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207927[]' id='answer-id-830533' class='answer   answerof-207927 ' value='830533'   \/><label for='answer-id-830533' id='answer-label-830533' class=' answer'><span>Avoiding a risk that was previously accepted<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207927[]' id='answer-id-830534' class='answer   answerof-207927 ' value='830534'   \/><label for='answer-id-830534' id='answer-label-830534' class=' answer'><span>Changing a risk owner<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-207928'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>Which of the following is the BEST method for assessing control effectiveness?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='207928' \/><input type='hidden' id='answerType207928' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207928[]' id='answer-id-830535' class='answer   answerof-207928 ' value='830535'   \/><label for='answer-id-830535' id='answer-label-830535' class=' answer'><span>Ad hoc control reporting<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207928[]' id='answer-id-830536' class='answer   answerof-207928 ' value='830536'   \/><label for='answer-id-830536' id='answer-label-830536' class=' answer'><span>Control self-assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207928[]' id='answer-id-830537' class='answer   answerof-207928 ' value='830537'   \/><label for='answer-id-830537' id='answer-label-830537' class=' answer'><span>Continuous monitoring<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207928[]' id='answer-id-830538' class='answer   answerof-207928 ' value='830538'   \/><label for='answer-id-830538' id='answer-label-830538' class=' answer'><span>Predictive analytics<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-207929'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>The MOST effective way to increase the likelihood that risk responses will be implemented is to:<\/div><input type='hidden' name='question_id[]' id='qID_52' value='207929' \/><input type='hidden' id='answerType207929' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207929[]' id='answer-id-830539' class='answer   answerof-207929 ' value='830539'   \/><label for='answer-id-830539' id='answer-label-830539' class=' answer'><span>create an action plan<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207929[]' id='answer-id-830540' class='answer   answerof-207929 ' value='830540'   \/><label for='answer-id-830540' id='answer-label-830540' class=' answer'><span>assign ownership<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207929[]' id='answer-id-830541' class='answer   answerof-207929 ' value='830541'   \/><label for='answer-id-830541' id='answer-label-830541' class=' answer'><span>review progress reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207929[]' id='answer-id-830542' class='answer   answerof-207929 ' value='830542'   \/><label for='answer-id-830542' id='answer-label-830542' class=' answer'><span>perform regular audits.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-207930'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT . <br \/>\r<br>Which of the following is the BEST way for the risk practitioner to address these concerns?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='207930' \/><input type='hidden' id='answerType207930' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207930[]' id='answer-id-830543' class='answer   answerof-207930 ' value='830543'   \/><label for='answer-id-830543' id='answer-label-830543' class=' answer'><span>Describe IT risk scenarios in terms of business risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207930[]' id='answer-id-830544' class='answer   answerof-207930 ' value='830544'   \/><label for='answer-id-830544' id='answer-label-830544' class=' answer'><span>Recommend the formation of an executive risk council to oversee IT risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207930[]' id='answer-id-830545' class='answer   answerof-207930 ' value='830545'   \/><label for='answer-id-830545' id='answer-label-830545' class=' answer'><span>Provide an estimate of IT system downtime if IT risk materializes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207930[]' id='answer-id-830546' class='answer   answerof-207930 ' value='830546'   \/><label for='answer-id-830546' id='answer-label-830546' class=' answer'><span>Educate business executives on IT risk concepts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-207931'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>Which of the following would BEST help to ensure that identified risk is efficiently managed?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='207931' \/><input type='hidden' id='answerType207931' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207931[]' id='answer-id-830547' class='answer   answerof-207931 ' value='830547'   \/><label for='answer-id-830547' id='answer-label-830547' class=' answer'><span>Reviewing the maturity of the control environment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207931[]' id='answer-id-830548' class='answer   answerof-207931 ' value='830548'   \/><label for='answer-id-830548' id='answer-label-830548' class=' answer'><span>Regularly monitoring the project plan<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207931[]' id='answer-id-830549' class='answer   answerof-207931 ' value='830549'   \/><label for='answer-id-830549' id='answer-label-830549' class=' answer'><span>Maintaining a key risk indicator for each asset in the risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207931[]' id='answer-id-830550' class='answer   answerof-207931 ' value='830550'   \/><label for='answer-id-830550' id='answer-label-830550' class=' answer'><span>Periodically reviewing controls per the risk treatment plan<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-207932'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?<\/div><input type='hidden' name='question_id[]' id='qID_55' value='207932' \/><input type='hidden' id='answerType207932' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207932[]' id='answer-id-830551' class='answer   answerof-207932 ' value='830551'   \/><label for='answer-id-830551' id='answer-label-830551' class=' answer'><span>Identify the potential risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207932[]' id='answer-id-830552' class='answer   answerof-207932 ' value='830552'   \/><label for='answer-id-830552' id='answer-label-830552' class=' answer'><span>Monitor employee usage.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207932[]' id='answer-id-830553' class='answer   answerof-207932 ' value='830553'   \/><label for='answer-id-830553' id='answer-label-830553' class=' answer'><span>Assess the potential risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207932[]' id='answer-id-830554' class='answer   answerof-207932 ' value='830554'   \/><label for='answer-id-830554' id='answer-label-830554' class=' answer'><span>Develop risk awareness training.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-56' style=';'><div id='questionWrap-56'  class='   watupro-question-id-207933'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>56. <\/span>Which of the following is the BEST way to identify changes to the risk landscape?<\/div><input type='hidden' name='question_id[]' id='qID_56' value='207933' \/><input type='hidden' id='answerType207933' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207933[]' id='answer-id-830555' class='answer   answerof-207933 ' value='830555'   \/><label for='answer-id-830555' id='answer-label-830555' class=' answer'><span>Internal audit reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207933[]' id='answer-id-830556' class='answer   answerof-207933 ' value='830556'   \/><label for='answer-id-830556' id='answer-label-830556' class=' answer'><span>Access reviews<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207933[]' id='answer-id-830557' class='answer   answerof-207933 ' value='830557'   \/><label for='answer-id-830557' id='answer-label-830557' class=' answer'><span>Threat modeling<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207933[]' id='answer-id-830558' class='answer   answerof-207933 ' value='830558'   \/><label for='answer-id-830558' id='answer-label-830558' class=' answer'><span>Root cause analysis<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-57' style=';'><div id='questionWrap-57'  class='   watupro-question-id-207934'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>57. <\/span>In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?<\/div><input type='hidden' name='question_id[]' id='qID_57' value='207934' \/><input type='hidden' id='answerType207934' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207934[]' id='answer-id-830559' class='answer   answerof-207934 ' value='830559'   \/><label for='answer-id-830559' id='answer-label-830559' class=' answer'><span>Risk questionnaire<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207934[]' id='answer-id-830560' class='answer   answerof-207934 ' value='830560'   \/><label for='answer-id-830560' id='answer-label-830560' class=' answer'><span>Risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207934[]' id='answer-id-830561' class='answer   answerof-207934 ' value='830561'   \/><label for='answer-id-830561' id='answer-label-830561' class=' answer'><span>Management assertion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207934[]' id='answer-id-830562' class='answer   answerof-207934 ' value='830562'   \/><label for='answer-id-830562' id='answer-label-830562' class=' answer'><span>Compliance manual<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-58' style=';'><div id='questionWrap-58'  class='   watupro-question-id-207935'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>58. <\/span>The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:<\/div><input type='hidden' name='question_id[]' id='qID_58' value='207935' \/><input type='hidden' id='answerType207935' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207935[]' id='answer-id-830563' class='answer   answerof-207935 ' value='830563'   \/><label for='answer-id-830563' id='answer-label-830563' class=' answer'><span>implement uniform controls for common risk scenarios.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207935[]' id='answer-id-830564' class='answer   answerof-207935 ' value='830564'   \/><label for='answer-id-830564' id='answer-label-830564' class=' answer'><span>ensure business unit risk is uniformly distributed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207935[]' id='answer-id-830565' class='answer   answerof-207935 ' value='830565'   \/><label for='answer-id-830565' id='answer-label-830565' class=' answer'><span>build a risk profile for management review.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207935[]' id='answer-id-830566' class='answer   answerof-207935 ' value='830566'   \/><label for='answer-id-830566' id='answer-label-830566' class=' answer'><span>quantify the organization's risk appetite.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-59' style=';'><div id='questionWrap-59'  class='   watupro-question-id-207936'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>59. <\/span>Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?<\/div><input type='hidden' name='question_id[]' id='qID_59' value='207936' \/><input type='hidden' id='answerType207936' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207936[]' id='answer-id-830567' class='answer   answerof-207936 ' value='830567'   \/><label for='answer-id-830567' id='answer-label-830567' class=' answer'><span>The number of security incidents escalated to senior management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207936[]' id='answer-id-830568' class='answer   answerof-207936 ' value='830568'   \/><label for='answer-id-830568' id='answer-label-830568' class=' answer'><span>The number of resolved security incidents<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207936[]' id='answer-id-830569' class='answer   answerof-207936 ' value='830569'   \/><label for='answer-id-830569' id='answer-label-830569' class=' answer'><span>The number of newly identified security incidents<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207936[]' id='answer-id-830570' class='answer   answerof-207936 ' value='830570'   \/><label for='answer-id-830570' id='answer-label-830570' class=' answer'><span>The number of recurring security incidents<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-60' style=';'><div id='questionWrap-60'  class='   watupro-question-id-207937'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>60. <\/span>Which of the following should be the risk practitioner s PRIMARY focus when determining whether controls are adequate to mitigate risk?<\/div><input type='hidden' name='question_id[]' id='qID_60' value='207937' \/><input type='hidden' id='answerType207937' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207937[]' id='answer-id-830571' class='answer   answerof-207937 ' value='830571'   \/><label for='answer-id-830571' id='answer-label-830571' class=' answer'><span>Sensitivity analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207937[]' id='answer-id-830572' class='answer   answerof-207937 ' value='830572'   \/><label for='answer-id-830572' id='answer-label-830572' class=' answer'><span>Level of residual risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207937[]' id='answer-id-830573' class='answer   answerof-207937 ' value='830573'   \/><label for='answer-id-830573' id='answer-label-830573' class=' answer'><span>Cost-benefit analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207937[]' id='answer-id-830574' class='answer   answerof-207937 ' value='830574'   \/><label for='answer-id-830574' id='answer-label-830574' class=' answer'><span>Risk appetite<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-61' style=';'><div id='questionWrap-61'  class='   watupro-question-id-207938'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>61. <\/span>From a business perspective, which of the following is the MOST important objective of a disaster recovery test?<\/div><input type='hidden' name='question_id[]' id='qID_61' value='207938' \/><input type='hidden' id='answerType207938' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207938[]' id='answer-id-830575' class='answer   answerof-207938 ' value='830575'   \/><label for='answer-id-830575' id='answer-label-830575' class=' answer'><span>The organization gains assurance it can recover from a disaster<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207938[]' id='answer-id-830576' class='answer   answerof-207938 ' value='830576'   \/><label for='answer-id-830576' id='answer-label-830576' class=' answer'><span>Errors are discovered in the disaster recovery process.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207938[]' id='answer-id-830577' class='answer   answerof-207938 ' value='830577'   \/><label for='answer-id-830577' id='answer-label-830577' class=' answer'><span>All business critical systems are successfully tested.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207938[]' id='answer-id-830578' class='answer   answerof-207938 ' value='830578'   \/><label for='answer-id-830578' id='answer-label-830578' class=' answer'><span>All critical data is recovered within recovery time objectives (RTOs).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-62' style=';'><div id='questionWrap-62'  class='   watupro-question-id-207939'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>62. <\/span>Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?<\/div><input type='hidden' name='question_id[]' id='qID_62' value='207939' \/><input type='hidden' id='answerType207939' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207939[]' id='answer-id-830579' class='answer   answerof-207939 ' value='830579'   \/><label for='answer-id-830579' id='answer-label-830579' class=' answer'><span>Cost of offsite backup premises<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207939[]' id='answer-id-830580' class='answer   answerof-207939 ' value='830580'   \/><label for='answer-id-830580' id='answer-label-830580' class=' answer'><span>Cost of downtime due to a disaster<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207939[]' id='answer-id-830581' class='answer   answerof-207939 ' value='830581'   \/><label for='answer-id-830581' id='answer-label-830581' class=' answer'><span>Cost of testing the business continuity plan<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207939[]' id='answer-id-830582' class='answer   answerof-207939 ' value='830582'   \/><label for='answer-id-830582' id='answer-label-830582' class=' answer'><span>Response time of the emergency action plan<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-63' style=';'><div id='questionWrap-63'  class='   watupro-question-id-207940'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>63. <\/span>A risk assessment has identified that an organization may not be in compliance with industry regulations. <br \/>\r<br>The BEST course of action would be to:<\/div><input type='hidden' name='question_id[]' id='qID_63' value='207940' \/><input type='hidden' id='answerType207940' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207940[]' id='answer-id-830583' class='answer   answerof-207940 ' value='830583'   \/><label for='answer-id-830583' id='answer-label-830583' class=' answer'><span>conduct a gap analysis against compliance criteria.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207940[]' id='answer-id-830584' class='answer   answerof-207940 ' value='830584'   \/><label for='answer-id-830584' id='answer-label-830584' class=' answer'><span>identify necessary controls to ensure compliance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207940[]' id='answer-id-830585' class='answer   answerof-207940 ' value='830585'   \/><label for='answer-id-830585' id='answer-label-830585' class=' answer'><span>modify internal assurance activities to include control validation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207940[]' id='answer-id-830586' class='answer   answerof-207940 ' value='830586'   \/><label for='answer-id-830586' id='answer-label-830586' class=' answer'><span>collaborate with management to meet compliance requirements.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-64' style=';'><div id='questionWrap-64'  class='   watupro-question-id-207941'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>64. <\/span>A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. <br \/>\r<br>The BEST way to support risk-based decisions by senior management would be to:<\/div><input type='hidden' name='question_id[]' id='qID_64' value='207941' \/><input type='hidden' id='answerType207941' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207941[]' id='answer-id-830587' class='answer   answerof-207941 ' value='830587'   \/><label for='answer-id-830587' id='answer-label-830587' class=' answer'><span>map findings to objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207941[]' id='answer-id-830588' class='answer   answerof-207941 ' value='830588'   \/><label for='answer-id-830588' id='answer-label-830588' class=' answer'><span>provide a quantified detailed analysts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207941[]' id='answer-id-830589' class='answer   answerof-207941 ' value='830589'   \/><label for='answer-id-830589' id='answer-label-830589' class=' answer'><span>recommend risk tolerance thresholds.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207941[]' id='answer-id-830590' class='answer   answerof-207941 ' value='830590'   \/><label for='answer-id-830590' id='answer-label-830590' class=' answer'><span>quantify key risk indicators (KRls).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-65' style=';'><div id='questionWrap-65'  class='   watupro-question-id-207942'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>65. <\/span>Which of the following is the BEST way to determine the ongoing efficiency of control processes?<\/div><input type='hidden' name='question_id[]' id='qID_65' value='207942' \/><input type='hidden' id='answerType207942' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207942[]' id='answer-id-830591' class='answer   answerof-207942 ' value='830591'   \/><label for='answer-id-830591' id='answer-label-830591' class=' answer'><span>Perform annual risk assessments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207942[]' id='answer-id-830592' class='answer   answerof-207942 ' value='830592'   \/><label for='answer-id-830592' id='answer-label-830592' class=' answer'><span>Interview process owners.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207942[]' id='answer-id-830593' class='answer   answerof-207942 ' value='830593'   \/><label for='answer-id-830593' id='answer-label-830593' class=' answer'><span>Review the risk register.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207942[]' id='answer-id-830594' class='answer   answerof-207942 ' value='830594'   \/><label for='answer-id-830594' id='answer-label-830594' class=' answer'><span>Analyze key performance indicators (KPIs).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-66' style=';'><div id='questionWrap-66'  class='   watupro-question-id-207943'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>66. <\/span>An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application . <br \/>\r<br>Which of the following should be the NEXT course of action?<\/div><input type='hidden' name='question_id[]' id='qID_66' value='207943' \/><input type='hidden' id='answerType207943' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207943[]' id='answer-id-830595' class='answer   answerof-207943 ' value='830595'   \/><label for='answer-id-830595' id='answer-label-830595' class=' answer'><span>Invoke the disaster recovery plan during an incident.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207943[]' id='answer-id-830596' class='answer   answerof-207943 ' value='830596'   \/><label for='answer-id-830596' id='answer-label-830596' class=' answer'><span>Prepare a cost-benefit analysis of alternatives available<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207943[]' id='answer-id-830597' class='answer   answerof-207943 ' value='830597'   \/><label for='answer-id-830597' id='answer-label-830597' class=' answer'><span>Implement redundant infrastructure for the application.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207943[]' id='answer-id-830598' class='answer   answerof-207943 ' value='830598'   \/><label for='answer-id-830598' id='answer-label-830598' class=' answer'><span>Reduce the recovery time by strengthening the response team.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-67' style=';'><div id='questionWrap-67'  class='   watupro-question-id-207944'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>67. <\/span>Which of the following is the MOST important consideration when sharing risk management updates with executive management?<\/div><input type='hidden' name='question_id[]' id='qID_67' value='207944' \/><input type='hidden' id='answerType207944' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207944[]' id='answer-id-830599' class='answer   answerof-207944 ' value='830599'   \/><label for='answer-id-830599' id='answer-label-830599' class=' answer'><span>Using an aggregated view of organizational risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207944[]' id='answer-id-830600' class='answer   answerof-207944 ' value='830600'   \/><label for='answer-id-830600' id='answer-label-830600' class=' answer'><span>Ensuring relevance to organizational goals<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207944[]' id='answer-id-830601' class='answer   answerof-207944 ' value='830601'   \/><label for='answer-id-830601' id='answer-label-830601' class=' answer'><span>Relying on key risk indicator (KRI) data Including<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207944[]' id='answer-id-830602' class='answer   answerof-207944 ' value='830602'   \/><label for='answer-id-830602' id='answer-label-830602' class=' answer'><span>Trend analysis of risk metrics<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-68' style=';'><div id='questionWrap-68'  class='   watupro-question-id-207945'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>68. <\/span>Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?<\/div><input type='hidden' name='question_id[]' id='qID_68' value='207945' \/><input type='hidden' id='answerType207945' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207945[]' id='answer-id-830603' class='answer   answerof-207945 ' value='830603'   \/><label for='answer-id-830603' id='answer-label-830603' class=' answer'><span>Performing a benchmark analysis and evaluating gaps<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207945[]' id='answer-id-830604' class='answer   answerof-207945 ' value='830604'   \/><label for='answer-id-830604' id='answer-label-830604' class=' answer'><span>Conducting risk assessments and implementing controls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207945[]' id='answer-id-830605' class='answer   answerof-207945 ' value='830605'   \/><label for='answer-id-830605' id='answer-label-830605' class=' answer'><span>Communicating components of risk and their acceptable levels<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207945[]' id='answer-id-830606' class='answer   answerof-207945 ' value='830606'   \/><label for='answer-id-830606' id='answer-label-830606' class=' answer'><span>Participating in peer reviews and implementing best practices<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-69' style=';'><div id='questionWrap-69'  class='   watupro-question-id-207946'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>69. <\/span>Which of the following would be MOST helpful when estimating the likelihood of negative events?<\/div><input type='hidden' name='question_id[]' id='qID_69' value='207946' \/><input type='hidden' id='answerType207946' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207946[]' id='answer-id-830607' class='answer   answerof-207946 ' value='830607'   \/><label for='answer-id-830607' id='answer-label-830607' class=' answer'><span>Business impact analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207946[]' id='answer-id-830608' class='answer   answerof-207946 ' value='830608'   \/><label for='answer-id-830608' id='answer-label-830608' class=' answer'><span>Threat analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207946[]' id='answer-id-830609' class='answer   answerof-207946 ' value='830609'   \/><label for='answer-id-830609' id='answer-label-830609' class=' answer'><span>Risk response analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207946[]' id='answer-id-830610' class='answer   answerof-207946 ' value='830610'   \/><label for='answer-id-830610' id='answer-label-830610' class=' answer'><span>Cost-benefit analysis<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-70' style=';'><div id='questionWrap-70'  class='   watupro-question-id-207947'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>70. <\/span>A risk practitioner is organizing risk awareness training for senior management . <br \/>\r<br>Which of the following is the MOST important topic to cover in the training session?<\/div><input type='hidden' name='question_id[]' id='qID_70' value='207947' \/><input type='hidden' id='answerType207947' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207947[]' id='answer-id-830611' class='answer   answerof-207947 ' value='830611'   \/><label for='answer-id-830611' id='answer-label-830611' class=' answer'><span>The organization's strategic risk management projects<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207947[]' id='answer-id-830612' class='answer   answerof-207947 ' value='830612'   \/><label for='answer-id-830612' id='answer-label-830612' class=' answer'><span>Senior management roles and responsibilities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207947[]' id='answer-id-830613' class='answer   answerof-207947 ' value='830613'   \/><label for='answer-id-830613' id='answer-label-830613' class=' answer'><span>The organizations risk appetite and tolerance<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207947[]' id='answer-id-830614' class='answer   answerof-207947 ' value='830614'   \/><label for='answer-id-830614' id='answer-label-830614' class=' answer'><span>Senior management allocation of risk management resources<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-71' style=';'><div id='questionWrap-71'  class='   watupro-question-id-207948'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>71. <\/span>An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. <br \/>\r<br>The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:<\/div><input type='hidden' name='question_id[]' id='qID_71' value='207948' \/><input type='hidden' id='answerType207948' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207948[]' id='answer-id-830615' class='answer   answerof-207948 ' value='830615'   \/><label for='answer-id-830615' id='answer-label-830615' class=' answer'><span>chief risk officer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207948[]' id='answer-id-830616' class='answer   answerof-207948 ' value='830616'   \/><label for='answer-id-830616' id='answer-label-830616' class=' answer'><span>project manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207948[]' id='answer-id-830617' class='answer   answerof-207948 ' value='830617'   \/><label for='answer-id-830617' id='answer-label-830617' class=' answer'><span>chief information officer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207948[]' id='answer-id-830618' class='answer   answerof-207948 ' value='830618'   \/><label for='answer-id-830618' id='answer-label-830618' class=' answer'><span>business process owner.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-72' style=';'><div id='questionWrap-72'  class='   watupro-question-id-207949'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>72. <\/span>When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?<\/div><input type='hidden' name='question_id[]' id='qID_72' value='207949' \/><input type='hidden' id='answerType207949' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207949[]' id='answer-id-830619' class='answer   answerof-207949 ' value='830619'   \/><label for='answer-id-830619' id='answer-label-830619' class=' answer'><span>Perform a background check on the vendor.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207949[]' id='answer-id-830620' class='answer   answerof-207949 ' value='830620'   \/><label for='answer-id-830620' id='answer-label-830620' class=' answer'><span>Require the vendor to sign a nondisclosure agreement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207949[]' id='answer-id-830621' class='answer   answerof-207949 ' value='830621'   \/><label for='answer-id-830621' id='answer-label-830621' class=' answer'><span>Require the vendor to have liability insurance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207949[]' id='answer-id-830622' class='answer   answerof-207949 ' value='830622'   \/><label for='answer-id-830622' id='answer-label-830622' class=' answer'><span>Clearly define the project scope<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-73' style=';'><div id='questionWrap-73'  class='   watupro-question-id-207950'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>73. <\/span>Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?<\/div><input type='hidden' name='question_id[]' id='qID_73' value='207950' \/><input type='hidden' id='answerType207950' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207950[]' id='answer-id-830623' class='answer   answerof-207950 ' value='830623'   \/><label for='answer-id-830623' id='answer-label-830623' class=' answer'><span>Continuous monitoring<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207950[]' id='answer-id-830624' class='answer   answerof-207950 ' value='830624'   \/><label for='answer-id-830624' id='answer-label-830624' class=' answer'><span>A control self-assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207950[]' id='answer-id-830625' class='answer   answerof-207950 ' value='830625'   \/><label for='answer-id-830625' id='answer-label-830625' class=' answer'><span>Transaction logging<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207950[]' id='answer-id-830626' class='answer   answerof-207950 ' value='830626'   \/><label for='answer-id-830626' id='answer-label-830626' class=' answer'><span>Benchmarking against peers<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-74' style=';'><div id='questionWrap-74'  class='   watupro-question-id-207951'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>74. <\/span>The MOST important characteristic of an organization s policies is to reflect the organization's:<\/div><input type='hidden' name='question_id[]' id='qID_74' value='207951' \/><input type='hidden' id='answerType207951' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207951[]' id='answer-id-830627' class='answer   answerof-207951 ' value='830627'   \/><label for='answer-id-830627' id='answer-label-830627' class=' answer'><span>risk assessment methodology.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207951[]' id='answer-id-830628' class='answer   answerof-207951 ' value='830628'   \/><label for='answer-id-830628' id='answer-label-830628' class=' answer'><span>risk appetite.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207951[]' id='answer-id-830629' class='answer   answerof-207951 ' value='830629'   \/><label for='answer-id-830629' id='answer-label-830629' class=' answer'><span>capabilities<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207951[]' id='answer-id-830630' class='answer   answerof-207951 ' value='830630'   \/><label for='answer-id-830630' id='answer-label-830630' class=' answer'><span>asset value.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-75' style=';'><div id='questionWrap-75'  class='   watupro-question-id-207952'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>75. <\/span>A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:<\/div><input type='hidden' name='question_id[]' id='qID_75' value='207952' \/><input type='hidden' id='answerType207952' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207952[]' id='answer-id-830631' class='answer   answerof-207952 ' value='830631'   \/><label for='answer-id-830631' id='answer-label-830631' class=' answer'><span>communication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207952[]' id='answer-id-830632' class='answer   answerof-207952 ' value='830632'   \/><label for='answer-id-830632' id='answer-label-830632' class=' answer'><span>identification.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207952[]' id='answer-id-830633' class='answer   answerof-207952 ' value='830633'   \/><label for='answer-id-830633' id='answer-label-830633' class=' answer'><span>treatment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207952[]' id='answer-id-830634' class='answer   answerof-207952 ' value='830634'   \/><label for='answer-id-830634' id='answer-label-830634' class=' answer'><span>assessment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-76' style=';'><div id='questionWrap-76'  class='   watupro-question-id-207953'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>76. <\/span>A trusted third party service provider has determined that the risk of a client's systems being hacked is low . <br \/>\r<br>Which of the following would be the client's BEST course of action?<\/div><input type='hidden' name='question_id[]' id='qID_76' value='207953' \/><input type='hidden' id='answerType207953' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207953[]' id='answer-id-830635' class='answer   answerof-207953 ' value='830635'   \/><label for='answer-id-830635' id='answer-label-830635' class=' answer'><span>Perform their own risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207953[]' id='answer-id-830636' class='answer   answerof-207953 ' value='830636'   \/><label for='answer-id-830636' id='answer-label-830636' class=' answer'><span>Implement additional controls to address the risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207953[]' id='answer-id-830637' class='answer   answerof-207953 ' value='830637'   \/><label for='answer-id-830637' id='answer-label-830637' class=' answer'><span>Accept the risk based on the third party's risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207953[]' id='answer-id-830638' class='answer   answerof-207953 ' value='830638'   \/><label for='answer-id-830638' id='answer-label-830638' class=' answer'><span>Perform an independent audit of the third party.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-77' style=';'><div id='questionWrap-77'  class='   watupro-question-id-207954'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>77. <\/span>Which of the following is the BEST course of action to reduce risk impact?<\/div><input type='hidden' name='question_id[]' id='qID_77' value='207954' \/><input type='hidden' id='answerType207954' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207954[]' id='answer-id-830639' class='answer   answerof-207954 ' value='830639'   \/><label for='answer-id-830639' id='answer-label-830639' class=' answer'><span>Create an IT security policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207954[]' id='answer-id-830640' class='answer   answerof-207954 ' value='830640'   \/><label for='answer-id-830640' id='answer-label-830640' class=' answer'><span>Implement corrective measures.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207954[]' id='answer-id-830641' class='answer   answerof-207954 ' value='830641'   \/><label for='answer-id-830641' id='answer-label-830641' class=' answer'><span>Implement detective controls.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207954[]' id='answer-id-830642' class='answer   answerof-207954 ' value='830642'   \/><label for='answer-id-830642' id='answer-label-830642' class=' answer'><span>Leverage existing technology<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-78' style=';'><div id='questionWrap-78'  class='   watupro-question-id-207955'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>78. <\/span>Improvements in the design and implementation of a control will MOST likely result in an update to:<\/div><input type='hidden' name='question_id[]' id='qID_78' value='207955' \/><input type='hidden' id='answerType207955' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207955[]' id='answer-id-830643' class='answer   answerof-207955 ' value='830643'   \/><label for='answer-id-830643' id='answer-label-830643' class=' answer'><span>inherent risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207955[]' id='answer-id-830644' class='answer   answerof-207955 ' value='830644'   \/><label for='answer-id-830644' id='answer-label-830644' class=' answer'><span>residual risk.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207955[]' id='answer-id-830645' class='answer   answerof-207955 ' value='830645'   \/><label for='answer-id-830645' id='answer-label-830645' class=' answer'><span>risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207955[]' id='answer-id-830646' class='answer   answerof-207955 ' value='830646'   \/><label for='answer-id-830646' id='answer-label-830646' class=' answer'><span>risk tolerance<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-79' style=';'><div id='questionWrap-79'  class='   watupro-question-id-207956'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>79. <\/span>A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:<\/div><input type='hidden' name='question_id[]' id='qID_79' value='207956' \/><input type='hidden' id='answerType207956' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207956[]' id='answer-id-830647' class='answer   answerof-207956 ' value='830647'   \/><label for='answer-id-830647' id='answer-label-830647' class=' answer'><span>a root cause analysis is required<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207956[]' id='answer-id-830648' class='answer   answerof-207956 ' value='830648'   \/><label for='answer-id-830648' id='answer-label-830648' class=' answer'><span>controls are effective for ensuring continuity<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207956[]' id='answer-id-830649' class='answer   answerof-207956 ' value='830649'   \/><label for='answer-id-830649' id='answer-label-830649' class=' answer'><span>hardware needs to be upgraded<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207956[]' id='answer-id-830650' class='answer   answerof-207956 ' value='830650'   \/><label for='answer-id-830650' id='answer-label-830650' class=' answer'><span>no action is required as there was no impact<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-80' style=';'><div id='questionWrap-80'  class='   watupro-question-id-207957'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>80. <\/span>A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet . <br \/>\r<br>What should be the risk practitioner's FIRST course of action?<\/div><input type='hidden' name='question_id[]' id='qID_80' value='207957' \/><input type='hidden' id='answerType207957' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207957[]' id='answer-id-830651' class='answer   answerof-207957 ' value='830651'   \/><label for='answer-id-830651' id='answer-label-830651' class=' answer'><span>invoke the established incident response plan.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207957[]' id='answer-id-830652' class='answer   answerof-207957 ' value='830652'   \/><label for='answer-id-830652' id='answer-label-830652' class=' answer'><span>Inform internal audit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207957[]' id='answer-id-830653' class='answer   answerof-207957 ' value='830653'   \/><label for='answer-id-830653' id='answer-label-830653' class=' answer'><span>Perform a root cause analysis<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207957[]' id='answer-id-830654' class='answer   answerof-207957 ' value='830654'   \/><label for='answer-id-830654' id='answer-label-830654' class=' answer'><span>Conduct an immediate risk assessment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-81' style=';'><div id='questionWrap-81'  class='   watupro-question-id-207958'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>81. <\/span>During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. <br \/>\r<br>The overall control environment may still be effective if:<\/div><input type='hidden' name='question_id[]' id='qID_81' value='207958' \/><input type='hidden' id='answerType207958' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207958[]' id='answer-id-830655' class='answer   answerof-207958 ' value='830655'   \/><label for='answer-id-830655' id='answer-label-830655' class=' answer'><span>compensating controls are in place.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207958[]' id='answer-id-830656' class='answer   answerof-207958 ' value='830656'   \/><label for='answer-id-830656' id='answer-label-830656' class=' answer'><span>a control mitigation plan is in place.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207958[]' id='answer-id-830657' class='answer   answerof-207958 ' value='830657'   \/><label for='answer-id-830657' id='answer-label-830657' class=' answer'><span>risk management is effective.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207958[]' id='answer-id-830658' class='answer   answerof-207958 ' value='830658'   \/><label for='answer-id-830658' id='answer-label-830658' class=' answer'><span>residual risk is accepted.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-82' style=';'><div id='questionWrap-82'  class='   watupro-question-id-207959'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>82. <\/span>After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?<\/div><input type='hidden' name='question_id[]' id='qID_82' value='207959' \/><input type='hidden' id='answerType207959' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207959[]' id='answer-id-830659' class='answer   answerof-207959 ' value='830659'   \/><label for='answer-id-830659' id='answer-label-830659' class=' answer'><span>The risk practitioner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207959[]' id='answer-id-830660' class='answer   answerof-207959 ' value='830660'   \/><label for='answer-id-830660' id='answer-label-830660' class=' answer'><span>The business process owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207959[]' id='answer-id-830661' class='answer   answerof-207959 ' value='830661'   \/><label for='answer-id-830661' id='answer-label-830661' class=' answer'><span>The risk owner<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207959[]' id='answer-id-830662' class='answer   answerof-207959 ' value='830662'   \/><label for='answer-id-830662' id='answer-label-830662' class=' answer'><span>The control owner<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-83' style=';'><div id='questionWrap-83'  class='   watupro-question-id-207960'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>83. <\/span>A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches . <br \/>\r<br>Which of the following elements of the risk register is MOST important to update to reflect this change?<\/div><input type='hidden' name='question_id[]' id='qID_83' value='207960' \/><input type='hidden' id='answerType207960' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207960[]' id='answer-id-830663' class='answer   answerof-207960 ' value='830663'   \/><label for='answer-id-830663' id='answer-label-830663' class=' answer'><span>Risk impact<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207960[]' id='answer-id-830664' class='answer   answerof-207960 ' value='830664'   \/><label for='answer-id-830664' id='answer-label-830664' class=' answer'><span>Risk trend<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207960[]' id='answer-id-830665' class='answer   answerof-207960 ' value='830665'   \/><label for='answer-id-830665' id='answer-label-830665' class=' answer'><span>Risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207960[]' id='answer-id-830666' class='answer   answerof-207960 ' value='830666'   \/><label for='answer-id-830666' id='answer-label-830666' class=' answer'><span>Risk likelihood<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-84' style=';'><div id='questionWrap-84'  class='   watupro-question-id-207961'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>84. <\/span>Which of the following would BEST provide early warning of a high-risk condition?<\/div><input type='hidden' name='question_id[]' id='qID_84' value='207961' \/><input type='hidden' id='answerType207961' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207961[]' id='answer-id-830667' class='answer   answerof-207961 ' value='830667'   \/><label for='answer-id-830667' id='answer-label-830667' class=' answer'><span>Risk register<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207961[]' id='answer-id-830668' class='answer   answerof-207961 ' value='830668'   \/><label for='answer-id-830668' id='answer-label-830668' class=' answer'><span>Risk assessment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207961[]' id='answer-id-830669' class='answer   answerof-207961 ' value='830669'   \/><label for='answer-id-830669' id='answer-label-830669' class=' answer'><span>Key risk indicator (KRI)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207961[]' id='answer-id-830670' class='answer   answerof-207961 ' value='830670'   \/><label for='answer-id-830670' id='answer-label-830670' class=' answer'><span>Key performance indicator (KPI)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-85' style=';'><div id='questionWrap-85'  class='   watupro-question-id-207962'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>85. <\/span>What is the BEST information to present to business control owners when justifying costs related to controls?<\/div><input type='hidden' name='question_id[]' id='qID_85' value='207962' \/><input type='hidden' id='answerType207962' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207962[]' id='answer-id-830671' class='answer   answerof-207962 ' value='830671'   \/><label for='answer-id-830671' id='answer-label-830671' class=' answer'><span>Loss event frequency and magnitude<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207962[]' id='answer-id-830672' class='answer   answerof-207962 ' value='830672'   \/><label for='answer-id-830672' id='answer-label-830672' class=' answer'><span>The previous year's budget and actuals<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207962[]' id='answer-id-830673' class='answer   answerof-207962 ' value='830673'   \/><label for='answer-id-830673' id='answer-label-830673' class=' answer'><span>Industry benchmarks and standards<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207962[]' id='answer-id-830674' class='answer   answerof-207962 ' value='830674'   \/><label for='answer-id-830674' id='answer-label-830674' class=' answer'><span>Return on IT security-related investments<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-86' style=';'><div id='questionWrap-86'  class='   watupro-question-id-207963'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>86. <\/span>Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?<\/div><input type='hidden' name='question_id[]' id='qID_86' value='207963' \/><input type='hidden' id='answerType207963' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207963[]' id='answer-id-830675' class='answer   answerof-207963 ' value='830675'   \/><label for='answer-id-830675' id='answer-label-830675' class=' answer'><span>impact due to failure of control<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207963[]' id='answer-id-830676' class='answer   answerof-207963 ' value='830676'   \/><label for='answer-id-830676' id='answer-label-830676' class=' answer'><span>Frequency of failure of control<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207963[]' id='answer-id-830677' class='answer   answerof-207963 ' value='830677'   \/><label for='answer-id-830677' id='answer-label-830677' class=' answer'><span>Contingency plan for residual risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207963[]' id='answer-id-830678' class='answer   answerof-207963 ' value='830678'   \/><label for='answer-id-830678' id='answer-label-830678' class=' answer'><span>Cost-benefit analysis of automation<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-87' style=';'><div id='questionWrap-87'  class='   watupro-question-id-207964'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>87. <\/span>An organization has determined a risk scenario is outside the defined risk tolerance level . <br \/>\r<br>What should be the NEXT course of action?<\/div><input type='hidden' name='question_id[]' id='qID_87' value='207964' \/><input type='hidden' id='answerType207964' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207964[]' id='answer-id-830679' class='answer   answerof-207964 ' value='830679'   \/><label for='answer-id-830679' id='answer-label-830679' class=' answer'><span>Develop a compensating control.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207964[]' id='answer-id-830680' class='answer   answerof-207964 ' value='830680'   \/><label for='answer-id-830680' id='answer-label-830680' class=' answer'><span>Allocate remediation resources.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207964[]' id='answer-id-830681' class='answer   answerof-207964 ' value='830681'   \/><label for='answer-id-830681' id='answer-label-830681' class=' answer'><span>Perform a cost-benefit analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207964[]' id='answer-id-830682' class='answer   answerof-207964 ' value='830682'   \/><label for='answer-id-830682' id='answer-label-830682' class=' answer'><span>Identify risk responses<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-88' style=';'><div id='questionWrap-88'  class='   watupro-question-id-207965'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>88. <\/span>A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization. <br \/>\r<br>Which of the following i&lt; the MOST important topic to cover in this training?<\/div><input type='hidden' name='question_id[]' id='qID_88' value='207965' \/><input type='hidden' id='answerType207965' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207965[]' id='answer-id-830683' class='answer   answerof-207965 ' value='830683'   \/><label for='answer-id-830683' id='answer-label-830683' class=' answer'><span>Applying risk appetite<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207965[]' id='answer-id-830684' class='answer   answerof-207965 ' value='830684'   \/><label for='answer-id-830684' id='answer-label-830684' class=' answer'><span>Applying risk factors<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207965[]' id='answer-id-830685' class='answer   answerof-207965 ' value='830685'   \/><label for='answer-id-830685' id='answer-label-830685' class=' answer'><span>Referencing risk event data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207965[]' id='answer-id-830686' class='answer   answerof-207965 ' value='830686'   \/><label for='answer-id-830686' id='answer-label-830686' class=' answer'><span>Understanding risk culture<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-89' style=';'><div id='questionWrap-89'  class='   watupro-question-id-207966'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>89. <\/span>Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?<\/div><input type='hidden' name='question_id[]' id='qID_89' value='207966' \/><input type='hidden' id='answerType207966' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207966[]' id='answer-id-830687' class='answer   answerof-207966 ' value='830687'   \/><label for='answer-id-830687' id='answer-label-830687' class=' answer'><span>Perform an m-depth code review with an expert<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207966[]' id='answer-id-830688' class='answer   answerof-207966 ' value='830688'   \/><label for='answer-id-830688' id='answer-label-830688' class=' answer'><span>Validate functionality by running in a test environment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207966[]' id='answer-id-830689' class='answer   answerof-207966 ' value='830689'   \/><label for='answer-id-830689' id='answer-label-830689' class=' answer'><span>Implement a service level agreement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207966[]' id='answer-id-830690' class='answer   answerof-207966 ' value='830690'   \/><label for='answer-id-830690' id='answer-label-830690' class=' answer'><span>Utilize the change management process.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-90' style=';'><div id='questionWrap-90'  class='   watupro-question-id-207967'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>90. <\/span>Which of the following would be MOST useful when measuring the progress of a risk response action plan?<\/div><input type='hidden' name='question_id[]' id='qID_90' value='207967' \/><input type='hidden' id='answerType207967' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207967[]' id='answer-id-830691' class='answer   answerof-207967 ' value='830691'   \/><label for='answer-id-830691' id='answer-label-830691' class=' answer'><span>Percentage of mitigated risk scenarios<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207967[]' id='answer-id-830692' class='answer   answerof-207967 ' value='830692'   \/><label for='answer-id-830692' id='answer-label-830692' class=' answer'><span>Annual loss expectancy (ALE) changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207967[]' id='answer-id-830693' class='answer   answerof-207967 ' value='830693'   \/><label for='answer-id-830693' id='answer-label-830693' class=' answer'><span>Resource expenditure against budget<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207967[]' id='answer-id-830694' class='answer   answerof-207967 ' value='830694'   \/><label for='answer-id-830694' id='answer-label-830694' class=' answer'><span>An up-to-date risk register<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-91' style=';'><div id='questionWrap-91'  class='   watupro-question-id-207968'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>91. <\/span>An unauthorized individual has socially engineered entry into an organization's secured physical premises . <br \/>\r<br>Which of the following is the BEST way to prevent future occurrences?<\/div><input type='hidden' name='question_id[]' id='qID_91' value='207968' \/><input type='hidden' id='answerType207968' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207968[]' id='answer-id-830695' class='answer   answerof-207968 ' value='830695'   \/><label for='answer-id-830695' id='answer-label-830695' class=' answer'><span>Employ security guards.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207968[]' id='answer-id-830696' class='answer   answerof-207968 ' value='830696'   \/><label for='answer-id-830696' id='answer-label-830696' class=' answer'><span>Conduct security awareness training.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207968[]' id='answer-id-830697' class='answer   answerof-207968 ' value='830697'   \/><label for='answer-id-830697' id='answer-label-830697' class=' answer'><span>Install security cameras.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207968[]' id='answer-id-830698' class='answer   answerof-207968 ' value='830698'   \/><label for='answer-id-830698' id='answer-label-830698' class=' answer'><span>Require security access badges.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-92' style=';'><div id='questionWrap-92'  class='   watupro-question-id-207969'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>92. <\/span>The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?<\/div><input type='hidden' name='question_id[]' id='qID_92' value='207969' \/><input type='hidden' id='answerType207969' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207969[]' id='answer-id-830699' class='answer   answerof-207969 ' value='830699'   \/><label for='answer-id-830699' id='answer-label-830699' class=' answer'><span>Logs and system events<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207969[]' id='answer-id-830700' class='answer   answerof-207969 ' value='830700'   \/><label for='answer-id-830700' id='answer-label-830700' class=' answer'><span>Intrusion detection system (IDS) rules<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207969[]' id='answer-id-830701' class='answer   answerof-207969 ' value='830701'   \/><label for='answer-id-830701' id='answer-label-830701' class=' answer'><span>Vulnerability assessment reports<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207969[]' id='answer-id-830702' class='answer   answerof-207969 ' value='830702'   \/><label for='answer-id-830702' id='answer-label-830702' class=' answer'><span>Penetration test reports<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-93' style=';'><div id='questionWrap-93'  class='   watupro-question-id-207970'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>93. <\/span>Which of the following is the MOST important outcome of reviewing the risk management process?<\/div><input type='hidden' name='question_id[]' id='qID_93' value='207970' \/><input type='hidden' id='answerType207970' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207970[]' id='answer-id-830703' class='answer   answerof-207970 ' value='830703'   \/><label for='answer-id-830703' id='answer-label-830703' class=' answer'><span>Assuring the risk profile supports the IT objectives<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207970[]' id='answer-id-830704' class='answer   answerof-207970 ' value='830704'   \/><label for='answer-id-830704' id='answer-label-830704' class=' answer'><span>Improving the competencies of employees who performed the review<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207970[]' id='answer-id-830705' class='answer   answerof-207970 ' value='830705'   \/><label for='answer-id-830705' id='answer-label-830705' class=' answer'><span>Determining what changes should be nude to IS policies to reduce risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207970[]' id='answer-id-830706' class='answer   answerof-207970 ' value='830706'   \/><label for='answer-id-830706' id='answer-label-830706' class=' answer'><span>Determining that procedures used in risk assessment are appropriate<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-94' style=';'><div id='questionWrap-94'  class='   watupro-question-id-207971'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>94. <\/span>Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?<\/div><input type='hidden' name='question_id[]' id='qID_94' value='207971' \/><input type='hidden' id='answerType207971' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207971[]' id='answer-id-830707' class='answer   answerof-207971 ' value='830707'   \/><label for='answer-id-830707' id='answer-label-830707' class=' answer'><span>Increase in the frequency of changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207971[]' id='answer-id-830708' class='answer   answerof-207971 ' value='830708'   \/><label for='answer-id-830708' id='answer-label-830708' class=' answer'><span>Percent of unauthorized changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207971[]' id='answer-id-830709' class='answer   answerof-207971 ' value='830709'   \/><label for='answer-id-830709' id='answer-label-830709' class=' answer'><span>Increase in the number of emergency changes<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207971[]' id='answer-id-830710' class='answer   answerof-207971 ' value='830710'   \/><label for='answer-id-830710' id='answer-label-830710' class=' answer'><span>Average time to complete changes<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-95' style=';'><div id='questionWrap-95'  class='   watupro-question-id-207972'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>95. <\/span>The PRIMARY advantage of implementing an IT risk management framework is the:<\/div><input type='hidden' name='question_id[]' id='qID_95' value='207972' \/><input type='hidden' id='answerType207972' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207972[]' id='answer-id-830711' class='answer   answerof-207972 ' value='830711'   \/><label for='answer-id-830711' id='answer-label-830711' class=' answer'><span>establishment of a reliable basis for risk-aware decision making.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207972[]' id='answer-id-830712' class='answer   answerof-207972 ' value='830712'   \/><label for='answer-id-830712' id='answer-label-830712' class=' answer'><span>compliance with relevant legal and regulatory requirements.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207972[]' id='answer-id-830713' class='answer   answerof-207972 ' value='830713'   \/><label for='answer-id-830713' id='answer-label-830713' class=' answer'><span>improvement of controls within the organization and minimized losses.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207972[]' id='answer-id-830714' class='answer   answerof-207972 ' value='830714'   \/><label for='answer-id-830714' id='answer-label-830714' class=' answer'><span>alignment of business goals with IT objectives.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-96' style=';'><div id='questionWrap-96'  class='   watupro-question-id-207973'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>96. <\/span>During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall . <br \/>\r<br>Which of the following controls has MOST likely been compromised?<\/div><input type='hidden' name='question_id[]' id='qID_96' value='207973' \/><input type='hidden' id='answerType207973' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207973[]' id='answer-id-830715' class='answer   answerof-207973 ' value='830715'   \/><label for='answer-id-830715' id='answer-label-830715' class=' answer'><span>Data validation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207973[]' id='answer-id-830716' class='answer   answerof-207973 ' value='830716'   \/><label for='answer-id-830716' id='answer-label-830716' class=' answer'><span>Identification<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207973[]' id='answer-id-830717' class='answer   answerof-207973 ' value='830717'   \/><label for='answer-id-830717' id='answer-label-830717' class=' answer'><span>Authentication<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207973[]' id='answer-id-830718' class='answer   answerof-207973 ' value='830718'   \/><label for='answer-id-830718' id='answer-label-830718' class=' answer'><span>Data integrity<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-97' style=';'><div id='questionWrap-97'  class='   watupro-question-id-207974'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>97. <\/span>Which of the following will BEST mitigate the risk associated with IT and business misalignment?<\/div><input type='hidden' name='question_id[]' id='qID_97' value='207974' \/><input type='hidden' id='answerType207974' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207974[]' id='answer-id-830719' class='answer   answerof-207974 ' value='830719'   \/><label for='answer-id-830719' id='answer-label-830719' class=' answer'><span>Establishing business key performance indicators (KPIs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207974[]' id='answer-id-830720' class='answer   answerof-207974 ' value='830720'   \/><label for='answer-id-830720' id='answer-label-830720' class=' answer'><span>Introducing an established framework for IT architecture<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207974[]' id='answer-id-830721' class='answer   answerof-207974 ' value='830721'   \/><label for='answer-id-830721' id='answer-label-830721' class=' answer'><span>Establishing key risk indicators (KRIs)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207974[]' id='answer-id-830722' class='answer   answerof-207974 ' value='830722'   \/><label for='answer-id-830722' id='answer-label-830722' class=' answer'><span>Involving the business process owner in IT strategy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-98' style=';'><div id='questionWrap-98'  class='   watupro-question-id-207975'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>98. <\/span>Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?<\/div><input type='hidden' name='question_id[]' id='qID_98' value='207975' \/><input type='hidden' id='answerType207975' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207975[]' id='answer-id-830723' class='answer   answerof-207975 ' value='830723'   \/><label for='answer-id-830723' id='answer-label-830723' class=' answer'><span>Corporate incident escalation protocols are established.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207975[]' id='answer-id-830724' class='answer   answerof-207975 ' value='830724'   \/><label for='answer-id-830724' id='answer-label-830724' class=' answer'><span>Exposure is integrated into the organization's risk profile.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207975[]' id='answer-id-830725' class='answer   answerof-207975 ' value='830725'   \/><label for='answer-id-830725' id='answer-label-830725' class=' answer'><span>Risk appetite cascades to business unit management<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207975[]' id='answer-id-830726' class='answer   answerof-207975 ' value='830726'   \/><label for='answer-id-830726' id='answer-label-830726' class=' answer'><span>The organization-wide control budget is expanded.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-99' style=';'><div id='questionWrap-99'  class='   watupro-question-id-207976'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>99. <\/span>An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. <br \/>\r<br>The PRIMARY goal of this program should be to:<\/div><input type='hidden' name='question_id[]' id='qID_99' value='207976' \/><input type='hidden' id='answerType207976' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207976[]' id='answer-id-830727' class='answer   answerof-207976 ' value='830727'   \/><label for='answer-id-830727' id='answer-label-830727' class=' answer'><span>reduce the risk to an acceptable level.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207976[]' id='answer-id-830728' class='answer   answerof-207976 ' value='830728'   \/><label for='answer-id-830728' id='answer-label-830728' class=' answer'><span>communicate the consequences for violations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207976[]' id='answer-id-830729' class='answer   answerof-207976 ' value='830729'   \/><label for='answer-id-830729' id='answer-label-830729' class=' answer'><span>implement industry best practices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207976[]' id='answer-id-830730' class='answer   answerof-207976 ' value='830730'   \/><label for='answer-id-830730' id='answer-label-830730' class=' answer'><span>reduce the organization's risk appetite<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-100' style=';'><div id='questionWrap-100'  class='   watupro-question-id-207977'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>100. <\/span>Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?<\/div><input type='hidden' name='question_id[]' id='qID_100' value='207977' \/><input type='hidden' id='answerType207977' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207977[]' id='answer-id-830731' class='answer   answerof-207977 ' value='830731'   \/><label for='answer-id-830731' id='answer-label-830731' class=' answer'><span>Aligning risk ownership and control ownership<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207977[]' id='answer-id-830732' class='answer   answerof-207977 ' value='830732'   \/><label for='answer-id-830732' id='answer-label-830732' class=' answer'><span>Developing risk escalation and reporting procedures<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207977[]' id='answer-id-830733' class='answer   answerof-207977 ' value='830733'   \/><label for='answer-id-830733' id='answer-label-830733' class=' answer'><span>Maintaining up-to-date risk treatment plans<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-207977[]' id='answer-id-830734' class='answer   answerof-207977 ' value='830734'   \/><label for='answer-id-830734' id='answer-label-830734' class=' answer'><span>Using a consistent method for risk assessment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-101'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons6043\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"6043\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-07 19:22:26\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778181746\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"207878:830335,830336,830337,830338 | 207879:830339,830340,830341,830342 | 207880:830343,830344,830345,830346 | 207881:830347,830348,830349,830350 | 207882:830351,830352,830353,830354 | 207883:830355,830356,830357,830358 | 207884:830359,830360,830361,830362 | 207885:830363,830364,830365,830366 | 207886:830367,830368,830369,830370 | 207887:830371,830372,830373,830374 | 207888:830375,830376,830377,830378 | 207889:830379,830380,830381,830382 | 207890:830383,830384,830385,830386 | 207891:830387,830388,830389,830390 | 207892:830391,830392,830393,830394 | 207893:830395,830396,830397,830398 | 207894:830399,830400,830401,830402 | 207895:830403,830404,830405,830406 | 207896:830407,830408,830409,830410 | 207897:830411,830412,830413,830414 | 207898:830415,830416,830417,830418 | 207899:830419,830420,830421,830422 | 207900:830423,830424,830425,830426 | 207901:830427,830428,830429,830430 | 207902:830431,830432,830433,830434 | 207903:830435,830436,830437,830438 | 207904:830439,830440,830441,830442 | 207905:830443,830444,830445,830446 | 207906:830447,830448,830449,830450 | 207907:830451,830452,830453,830454 | 207908:830455,830456,830457,830458 | 207909:830459,830460,830461,830462 | 207910:830463,830464,830465,830466 | 207911:830467,830468,830469,830470 | 207912:830471,830472,830473,830474 | 207913:830475,830476,830477,830478 | 207914:830479,830480,830481,830482 | 207915:830483,830484,830485,830486 | 207916:830487,830488,830489,830490 | 207917:830491,830492,830493,830494 | 207918:830495,830496,830497,830498 | 207919:830499,830500,830501,830502 | 207920:830503,830504,830505,830506 | 207921:830507,830508,830509,830510 | 207922:830511,830512,830513,830514 | 207923:830515,830516,830517,830518 | 207924:830519,830520,830521,830522 | 207925:830523,830524,830525,830526 | 207926:830527,830528,830529,830530 | 207927:830531,830532,830533,830534 | 207928:830535,830536,830537,830538 | 207929:830539,830540,830541,830542 | 207930:830543,830544,830545,830546 | 207931:830547,830548,830549,830550 | 207932:830551,830552,830553,830554 | 207933:830555,830556,830557,830558 | 207934:830559,830560,830561,830562 | 207935:830563,830564,830565,830566 | 207936:830567,830568,830569,830570 | 207937:830571,830572,830573,830574 | 207938:830575,830576,830577,830578 | 207939:830579,830580,830581,830582 | 207940:830583,830584,830585,830586 | 207941:830587,830588,830589,830590 | 207942:830591,830592,830593,830594 | 207943:830595,830596,830597,830598 | 207944:830599,830600,830601,830602 | 207945:830603,830604,830605,830606 | 207946:830607,830608,830609,830610 | 207947:830611,830612,830613,830614 | 207948:830615,830616,830617,830618 | 207949:830619,830620,830621,830622 | 207950:830623,830624,830625,830626 | 207951:830627,830628,830629,830630 | 207952:830631,830632,830633,830634 | 207953:830635,830636,830637,830638 | 207954:830639,830640,830641,830642 | 207955:830643,830644,830645,830646 | 207956:830647,830648,830649,830650 | 207957:830651,830652,830653,830654 | 207958:830655,830656,830657,830658 | 207959:830659,830660,830661,830662 | 207960:830663,830664,830665,830666 | 207961:830667,830668,830669,830670 | 207962:830671,830672,830673,830674 | 207963:830675,830676,830677,830678 | 207964:830679,830680,830681,830682 | 207965:830683,830684,830685,830686 | 207966:830687,830688,830689,830690 | 207967:830691,830692,830693,830694 | 207968:830695,830696,830697,830698 | 207969:830699,830700,830701,830702 | 207970:830703,830704,830705,830706 | 207971:830707,830708,830709,830710 | 207972:830711,830712,830713,830714 | 207973:830715,830716,830717,830718 | 207974:830719,830720,830721,830722 | 207975:830723,830724,830725,830726 | 207976:830727,830728,830729,830730 | 207977:830731,830732,830733,830734\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"207878,207879,207880,207881,207882,207883,207884,207885,207886,207887,207888,207889,207890,207891,207892,207893,207894,207895,207896,207897,207898,207899,207900,207901,207902,207903,207904,207905,207906,207907,207908,207909,207910,207911,207912,207913,207914,207915,207916,207917,207918,207919,207920,207921,207922,207923,207924,207925,207926,207927,207928,207929,207930,207931,207932,207933,207934,207935,207936,207937,207938,207939,207940,207941,207942,207943,207944,207945,207946,207947,207948,207949,207950,207951,207952,207953,207954,207955,207956,207957,207958,207959,207960,207961,207962,207963,207964,207965,207966,207967,207968,207969,207970,207971,207972,207973,207974,207975,207976,207977\";\nWatuPROSettings[6043] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 6043;\t    \nWatuPRO.post_id = 35194;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.50437500 1778181746\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(6043);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\r\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[429,431],"tags":[10588,10589,10591,10590,10593],"class_list":["post-35194","post","type-post","status-publish","format-standard","hentry","category-isaca","category-isaca-certificaton","tag-crisc","tag-crisc-dumps","tag-crisc-dumps-questions","tag-crisc-exam-dumps","tag-crisc-free-dumps"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/35194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=35194"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/35194\/revisions"}],"predecessor-version":[{"id":35198,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/35194\/revisions\/35198"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=35194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=35194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=35194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}