- (Exam Topic 4)
Which of the following would be the result of a significant increase in the motivation of a malicious threat actor?

1. A. Increase in mitigating control costs
2. B. Increase in risk event impact
3. C. Increase in risk event likelihood
4. D. Increase in cybersecurity premium

Correct Answer: C

- (Exam Topic 3)
Which of the following MUST be updated to maintain an IT risk register?

1. A. Expected frequency and potential impact
2. B. Risk tolerance
3. C. Enterprise-wide IT risk assessment
4. D. Risk appetite

Correct Answer: C

- (Exam Topic 4)
An organization recently configured a new business division Which of the following is MOST likely to be affected?

1. A. Risk profile
2. B. Risk culture
3. C. Risk appetite
4. D. Risk tolerance

Correct Answer: A

- (Exam Topic 2)
Which of the following would be the GREATEST concern related to data privacy when implementing an Internet of Things (loT) solution that collects personally identifiable information (Pll)?

1. A. A privacy impact assessment has not been completed.
2. B. Data encryption methods apply to a subset of Pll obtained.
3. C. The data privacy officer was not consulted.
4. D. Insufficient access controls are used on the loT devices.

Correct Answer: A

- (Exam Topic 2)
Which of the following is MOST important to review when determining whether a potential IT service provider’s control environment is effective?

1. A. Independent audit report
2. B. Control self-assessment
3. C. MOST important to update when an
4. D. Service level agreements (SLAs)

Correct Answer: A