The BEST time to perform a penetration test is after:
Give this one a try later!
various infrastructure changes are made.
Which of the following activities is related to the use of key performance indicators
for management of technology controls?
,Give this one a try later!
Measurement of control effectiveness to determine that business
requirements are being met
Which of the following is an example of a key performance indicator?
Give this one a try later!
Average network availability uptime
Which of the following is the MOST important consideration for an enterprise
structuring a contract with a third party? The inclusion of a:
Give this one a try later!
confidentiality clause.
Purchasing insurance is a form of:
Give this one a try later!
risk transfer.
A risk practitioner receives a message late at night that critical IT equipment will be
delivered several days late due to flooding. Fortunately, a reciprocal agreement exists
,with another company for a replacement until the equipment arrives. This is an
example of risk:
Give this one a try later!
mitigation.
Which of the following controls is an example of one that reduces the probability of a
risk event?
Give this one a try later!
A change management process requires that intersystem dependencies be
considered prior to approval of system downtime.
Which of the following is MOST important prior to conducting a penetration test?
Give this one a try later!
Senior management approval of exercise parameters
Maintaining a set of decryption keys with an escrow service is MOST likely an
example of:
Give this one a try later!
mitigating risk with the use of encryption keys.
, Which of the following actions is the BEST when a critical risk has been identified and
the resources to mitigate are not immediately available?
Give this one a try later!
Escalate the risk report to senior management to obtain the resources to
mitigate the risk.
Which of the following activities is an example of risk sharing?
Give this one a try later!
Contracting with a third party
An enterprise is implementing controls to protect a list of employee details from
being exposed to unauthorized individuals. The internal control requirements will
come from:
Give this one a try later!
process owners.
Faced with numerous risk scenarios, the prioritization of treatment options will be
MOST effective when based on:
Give this one a try later!
Give this one a try later!
various infrastructure changes are made.
Which of the following activities is related to the use of key performance indicators
for management of technology controls?
,Give this one a try later!
Measurement of control effectiveness to determine that business
requirements are being met
Which of the following is an example of a key performance indicator?
Give this one a try later!
Average network availability uptime
Which of the following is the MOST important consideration for an enterprise
structuring a contract with a third party? The inclusion of a:
Give this one a try later!
confidentiality clause.
Purchasing insurance is a form of:
Give this one a try later!
risk transfer.
A risk practitioner receives a message late at night that critical IT equipment will be
delivered several days late due to flooding. Fortunately, a reciprocal agreement exists
,with another company for a replacement until the equipment arrives. This is an
example of risk:
Give this one a try later!
mitigation.
Which of the following controls is an example of one that reduces the probability of a
risk event?
Give this one a try later!
A change management process requires that intersystem dependencies be
considered prior to approval of system downtime.
Which of the following is MOST important prior to conducting a penetration test?
Give this one a try later!
Senior management approval of exercise parameters
Maintaining a set of decryption keys with an escrow service is MOST likely an
example of:
Give this one a try later!
mitigating risk with the use of encryption keys.
, Which of the following actions is the BEST when a critical risk has been identified and
the resources to mitigate are not immediately available?
Give this one a try later!
Escalate the risk report to senior management to obtain the resources to
mitigate the risk.
Which of the following activities is an example of risk sharing?
Give this one a try later!
Contracting with a third party
An enterprise is implementing controls to protect a list of employee details from
being exposed to unauthorized individuals. The internal control requirements will
come from:
Give this one a try later!
process owners.
Faced with numerous risk scenarios, the prioritization of treatment options will be
MOST effective when based on:
Give this one a try later!
