- (Exam Topic 2)
Which of The following is the PRIMARY consideration when establishing an organization's risk management methodology?

1. A. Business context
2. B. Risk tolerance level
3. C. Resource requirements
4. D. Benchmarking information

Correct Answer: A

- (Exam Topic 4)
A poster has been displayed in a data center that reads. "Anyone caught taking photographs in the data center may be subject to disciplinary action." Which of the following control types has been implemented?

1. A. Corrective
2. B. Detective
3. C. Deterrent
4. D. Preventative

Correct Answer: A

- (Exam Topic 4)
A segregation of duties control was found to be ineffective because it did not account for all applicable functions when evaluating access. Who is responsible for ensuring the control is designed to effectively address risk?

1. A. Risk manager
2. B. Control owner
3. C. Control tester
4. D. Risk owner

Correct Answer: B

- (Exam Topic 3)
Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

1. A. Conduct a comprehensive compliance review.
2. B. Develop incident response procedures for noncompliance.
3. C. Investigate the root cause of noncompliance.
4. D. Declare a security breach and Inform management.

Correct Answer: C

- (Exam Topic 3)
To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

1. A. require the vendor to sign a nondisclosure agreement
2. B. clearly define the project scope.
3. C. perform background checks on the vendor.
4. D. notify network administrators before testing

Correct Answer: A