- (Exam Topic 3)
For a large software development project, risk assessments are MOST effective when performed:

1. A. before system development begins.
2. B. at system development.
3. C. at each stage of the system development life cycle (SDLC).
4. D. during the development of the business case.

Correct Answer: C

- (Exam Topic 4)
An organization has decided to commit to a business activity with the knowledge that the risk exposure is higher than the risk appetite. Which of the following is the risk practitioner's MOST important action related to this decision?

1. A. Recommend risk remediation
2. B. Change the level of risk appetite
3. C. Document formal acceptance of the risk
4. D. Reject the business initiative

Correct Answer: C

- (Exam Topic 3)
Which of the following is MOST important to compare against the corporate risk profile?

1. A. Industry benchmarks
2. B. Risk tolerance
3. C. Risk appetite
4. D. Regulatory compliance

Correct Answer: D

- (Exam Topic 4)
An organization control environment is MOST effective when:

1. A. control designs are reviewed periodically
2. B. controls perform as intended.
3. C. controls are implemented consistently.
4. D. controls operate efficiently

Correct Answer: B

- (Exam Topic 3)
A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

1. A. Monitor the databases for abnormal activity
2. B. Approve exception to allow the software to continue operating
3. C. Require the software vendor to remediate the vulnerabilities
4. D. Accept the risk and let the vendor run the software as is

Correct Answer: C