Which of the following would be considered a cyber-risk?

1. A. A system that does not meet the needs of users
2. B. A change in security technology
3. C. Unauthorized use of information

Correct Answer: C

One of the PRIMARY purposes of threat intelligence is to understand:

1. A. zero-day threats.
2. B. breach likelihood.
3. C. asset vulnerabilities.

Correct Answer: B

Which of the following is of GREATEST concern when aggregating risk information in management reports?

1. A. Duplicating details of risk status
2. B. Obfuscating the reasons behind risk
3. C. Generalizing acceptable risk levels

Correct Answer: B

Which of the following is the MOST important aspect of key performance indicators (KPIs)?

1. A. KPIs identify underperforming assets that may impact the achievement of operational goals.
2. B. KPIs provide inputs for monitoring the usage of IT assets to determine return on investment (ROI).
3. C. KPIs aid management in monitoring the organization's IT infrastructure capacity.

Correct Answer: A

Which of the following is the MOST likely reason that a list of control deficiencies identified in a recent security assessment would be excluded from an IT risk register?

1. A. The deficiencies have no business relevance.
2. B. The deficiencies are actual misconfigurations.
3. C. The deficiencies have already been resolved.

Correct Answer: C