IT-Risk-Fundamentals by ISACA Actual Free Exam Q&As

Question 1

Which of the following is the MOST likely reason that a list of control deficiencies identified in a recent security assessment would be excluded from an IT risk register?

A. The deficiencies have already been resolved. B. The deficiencies have no business relevance. C. The deficiencies are actual misconfigurations.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 2

To be effective, risk reporting and communication should provide:

A. stakeholders with concise information focused on key points. B. the same risk information for each decision-making stakeholder. C. risk reports to each business unit and groups of employees.

Discussion 0

Correct Answer: A Vote an answer

Question 3

An enterprise is currently experiencing an unacceptable 8% processing error rate and desires to manage risk by establishing a policy that error rates cannot exceed 5%. In addition, management wants to be alerted when error rates meet or exceed 4%. The enterprise should set a key performance indicator (KPI) metric at which of the following levels?

A. 5% B. 8% C. 4%

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 4

For risk reporting to adequately reflect current risk management capabilities, the risk report should be based on the enterprise:

A. risk appetite. B. risk management framework. C. risk profile.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 5

An enterprise recently implemented multi-factor authentication. During the most recent risk assessment, it was determined that cybersecurity risk is within the organization's risk appetite threshold. What is the MOST appropriate action for the organization to take regarding the remaining cybersecurity residual risk?

A. Mitigate B. Transfer C. Accept

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 6

An enterprise has moved its data center from a flood-prone area where it had experienced significant service disruptions to one that is not a flood zone. Which risk response strategy has the organization selected?

A. Risk transfer B. Risk avoidance C. Risk mitigation

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 7

Which of the following is the BEST control to prevent unauthorized user access in a remote work environment?

A. Read-only user privileges B. Monthly user access recertification C. Multi-factor authentication

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

ISACA IT Risk Fundamentals Certificate - IT-Risk-Fundamentals Exam Practice Test