×

Special Offer! November Sale at DumpsCity! Get 20% Off on All Certification Exam Questions. Use Code: DC20OFF

Email Us [email protected]
LOG IN SIGN UP 0

Free PECB ISO-IEC-27005-Risk-Manager Exam Questions

Try our Free Demo Practice Tests for Comprehensive ISO-IEC-27005-Risk-Manager Exam Preparation

  • PECB ISO-IEC-27005-Risk-Manager Exam Questions
  • Provided By: PECB
  • Exam: PECB Certified ISO/IEC 27005 Risk Manager Certification
  • Certification: PECB Auditor
  • Total Questions: 60
  • Updated On: Nov 11, 2024
  • Rated: 4.9 |
  • Online Users: 120
Page No. 1 of 12
   
Add To Cart
  • Question 1
    • Scenario 7: Adstry is a business growth agency that specializes in digital marketing strategies. Adstry helpsorganizations redefine the relationships with their customers through innovative solutions. Adstry isheadquartered in San Francisco and recently opened two new offices in New York. The structure of thecompany is organized into teams which are led by project managers. The project manager has the full powerin any decision related to projects. The team members, on the other hand, report the project’s progress toproject managers.Considering that data breaches and ad fraud are common threats in the current business environment,managing risks is essential for Adstry. When planning new projects, each project manager is responsible forensuring that risks related to a particular project have been identified, assessed, and mitigated. This means thatproject managers have also the role of the risk manager in Adstry. Taking into account that Adstry heavilyrelies on technology to complete their projects, their risk assessment certainly involves identification of risksassociated with the use of information technology. At the earliest stages of each project, the project managercommunicates the risk assessment results to its team members.Adstry uses a risk management software which helps the project team to detect new potential risks duringeach phase of the project. This way, team members are informed in a timely manner for the new potentialrisks and are able to respond to them accordingly. The project managers are responsible forensuring that theinformation provided to the team members is communicated using an appropriate language so it can beunderstood by all of them.In addition, the project manager may include external interested parties affected by the project in the riskcommunication. If the project manager decides to include interested parties, the risk communication isthoroughly prepared. The project manager firstly identifies the interested parties that should be informed andtakes into account their concerns and possible conflicts that may arise due to risk communication. The risksare communicated to the identified interested parties while taking into consideration the confidentiality ofAdstry’s information and determining the level of detail that should be included in the risk communication.The project managers use the same risk management software for risk communication with external interestedparties since it provides a consistent view of risks. For each project, the project manager arranges regularmeetings with relevant interested parties of the project, they discuss the detected risks, their prioritization, anddetermine appropriate treatment solutions. The information taken from the risk management software and theresults of these meetings are documented and are used for decision-making processes. In addition, thecompany uses a computerized documented information management system for the acquisition, classification,storage, and archiving of its documents.Based on scenario 7, which principle of efficient communication strategy Adstry’s project managers followwhen communicating risks to team members?

      Answer: A
  • Question 2
    • Which activity below is NOT included in the information security risk assessment process? 

      Answer: C
  • Question 3
    • Which statement regarding information gathering techniques is correct? 

      Answer: B
  • Question 4
    • Scenario 5: Detika is a private cardiology clinic in Pennsylvania, the US. Detika has one of the most advancedhealthcare systems for treating heart diseases. The clinic uses sophisticated apparatus that detects heartdiseases in early stages. Since 2010, medical information of Detika’s patients is stored on the organization’sdigital systems. Electronic health records (EHR), among others, include patients’ diagnosis, treatment plan,and laboratory results.Storing and accessing patient and other medical data digitally was a huge and a risky step for Detika.Considering the sensitivity of information stored in their systems, Detika conducts regular risk assessments toensure that all information security risks are identified and managed. Last month, Detika conducted a riskassessment which was focused on the EHR system. During risk identification, the IT team found out thatsome employees were not updating the operating systems regularly. This could cause major problems such asa data breach or loss of software compatibility. In addition, the IT team tested the software and detected aflaw in one of the software modules used. Both issues were reported to the top management and they decidedto implement appropriate controls for treating the identified risks. They decided to organize training sessionsfor all employees in order to make them aware of the importance of the system updates. In addition, themanager of the IT Department was appointed as the person responsible for ensuring that the software isregularly tested.Another risk identified during the risk assessment was the risk of a potential ransomware attack. This risk wasdefined as low because all their data was backed up daily. The IT team decided to accept the actual risk ofransomware attacks and concluded that additional measures were not required. This decision was documentedin the risk treatment plan and communicated to the risk owner. The risk owner approved the risk treatmentplan and documented the risk assessment results.Following that, Detika initiated the implementation of new controls. In addition, one of the employees of theIT Department was assigned the responsibility for monitoring the implementation process and ensure theeffectiveness of the security controls. The IT team, on the other hand, was responsible for allocating theresources needed to effectively implement the new controls.How should Detika define which of the identified risks should be treated first? Refer to scenario 5

      Answer: A
  • Question 5
    • Scenario 5: Detika is a private cardiology clinic in Pennsylvania, the US. Detika has one of the most advancedhealthcare systems for treating heart diseases. The clinic uses sophisticated apparatus that detects heartdiseases in early stages. Since 2010, medical information of Detika’s patients is stored on the organization’sdigital systems. Electronic health records (EHR), among others, include patients’ diagnosis, treatment plan,and laboratory results.Storing and accessing patient and other medical data digitally was a huge and a risky step for Detika.Considering the sensitivity of information stored in their systems, Detika conducts regular risk assessments toensure that all information security risks are identified and managed. Last month, Detika conducted a riskassessment which was focused on the EHR system. During risk identification, the IT team found out thatsome employees were not updating the operating systems regularly. This could cause major problems such asa data breach or loss of software compatibility. In addition, the IT team tested the software and detected aflaw in one of the software modules used. Both issues were reported to the top management and they decidedto implement appropriate controls for treating the identified risks. They decided to organize training sessionsfor all employees in order to make them aware of the importance of the system updates. In addition, themanager of the IT Department was appointed as the person responsible for ensuring that the software isregularly tested.Another risk identified during the risk assessment was the risk of a potential ransomware attack. This risk wasdefined as low because all their data was backed up daily. The IT team decided to accept the actual risk ofransomware attacks and concluded that additional measures were not required. This decision was documentedin the risk treatment plan and communicated to the risk owner. The risk owner approved the risk treatmentplan and documented the risk assessment results.Following that, Detika initiated the implementation of new controls. In addition, one of the employees of theIT Department was assigned the responsibility for monitoring the implementation process and ensure theeffectiveness of the security controls. The IT team, on the other hand, was responsible for allocating theresources needed to effectively implement the new controls.How should Detika define which of the identified risks should be treated first? Refer to scenario 5

      Answer: A
PAGE: 1 - 12
   
Add To Cart

© Copyrights Dumpscity 2024. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.