Question 1

An organization is transitioning to cloud-based services and has conducted a risk assessment to identify related security risks. The risk manager must report the results to different departments within the organization. How should the risk manager tailor the reports to be relevant to each department?

Options :

A : Customize the reports to highlight risks and treatments pertinent to each department’s functions.

B : Deliver oral summaries without providing written reports to save time.

C : Focus the reports only on the most severe risks to avoid overwhelming the departments.

D : Provide the same detailed report to all departments for consistency.

Answer: A

Question 2

A financial services firm is implementing a risk assessment program for its digital banking services. What factor is important to consider when selecting a risk assessment methodology?

Options :

A : Using an outdated risk assessment methodology that does not consider current digital banking trends and threats.

B : Selecting a methodology that disregards the specific risks associated with digital banking.

C : Focusing only on quantitative analysis and disregarding the qualitative aspects of risk.

D : Choosing a methodology that aligns with the firm-s digital banking services and regulatory compliance requirements.

Answer: D

Question 3

An e-commerce company is developing a risk treatment plan to address the risk of DDoS attacks on its website. They are considering options such as upgrading their infrastructure, implementing a cloud-based DDoS protection service, establishing an incident response team, or a combination of these measures. Which option should be included in the risk treatment plan to effectively manage this risk?

Options :

A : Establishing an incident response team only.

B : A combination of infrastructure upgrade, cloud-based DDoS protection, and an incident response team.

C : Implementing a cloud-based DDoS protection service only.

D : Upgrading their infrastructure only.

Answer: B

Question 4

A financial institution is assessing the impact of a new regulatory requirement on its information security risk management program. Who is primarily responsible for ensuring that the program complies with these new regulatory requirements?

Options :

A : The information security team.

B : The legal and compliance department.

C : The risk management committee.

D : The internal audit team.

Answer: B

Question 5

An online retail company is using the OCTAVE-S method to assess risks to its e-commerce platform. The team has identified critical assets and is in the second phase of OCTAVE-S. What is the next step, and why is it important for the risk assessment of the e-commerce platform?

Options :

A : Implementing general security policies without further analysis.

B : Focusing only on compliance with e-commerce regulations.

C : Identifying threats to the critical assets and evaluating the likelihood and impact of these threats.

D : Purchasing cybersecurity insurance for all identified risks.

Answer: C

Confidently Practice Online with Free ISO-27005-LRM Exam Cram

Buying Options: