- (Exam Topic 1)
Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

1. A. Risk mitigation budget
2. B. Business Impact analysis
3. C. Cost-benefit analysis
4. D. Return on investment

Correct Answer: C

- (Exam Topic 1)
Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

1. A. The number of security incidents escalated to senior management
2. B. The number of resolved security incidents
3. C. The number of newly identified security incidents
4. D. The number of recurring security incidents

Correct Answer: C

- (Exam Topic 4)
Which of the following BEST enables effective IT control implementation?

1. A. Key risk indicators (KRIs)
2. B. Documented procedures
3. C. Information security policies
4. D. Information security standards

Correct Answer: B

- (Exam Topic 4)
Which of the following roles should be assigned accountability for monitoring risk levels?

1. A. Risk practitioner
2. B. Business manager
3. C. Risk owner
4. D. Control owner

Correct Answer: C

- (Exam Topic 2)
An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

1. A. Number of malicious activities occurring during staff members leave
2. B. Percentage of staff members seeking exception to the policy
3. C. Percentage of staff members taking leave according to the policy
4. D. Financial loss incurred due to malicious activities during staff members' leave

Correct Answer: B