Question 1

An e-commerce company has identified risks related to customer data privacy. As part of the risk treatment plan, the risk manager has recommended encrypting sensitive customer data. What factor is crucial for the successful implementation of this corrective action?

Options :

A : The impact of data encryption on system performance and the balance between security and usability.

B : Implementing data encryption as a one-time activity without future reviews or updates.

C : The encryption method-s popularity among other e-commerce companies.

D : Choosing encryption software based solely on the lowest cost option.

Answer: A

Question 2

An e-commerce company is establishing risk acceptance criteria. What is an important factor to consider when defining these criteria?

Options :

A : Copying risk acceptance criteria from a different industry without modification.

B : Defining criteria based on the company-s risk appetite and the potential impact on its online business operations.

C : Setting criteria that accept all risks to expedite the decision-making process.

D : Basing criteria solely on the personal preferences of the risk manager.

Answer: B

Question 3

A government agency is implementing a risk management program. What factor should be emphasized in the risk management method to align with public sector requirements?

Options :

A : Emphasizing only the risks related to the agency-s internal IT systems, ignoring external factors.

B : Focusing solely on risks that have a direct financial impact and ignoring other types of risks.

C : Adopting a method that is exclusively used in the private sector without any adaptation.

D : Prioritizing the protection of public data and continuity of government services in the risk management method.

Answer: D

Question 4

A financial services firm is implementing a risk assessment program for its digital banking services. What factor is important to consider when selecting a risk assessment methodology?

Options :

A : Using an outdated risk assessment methodology that does not consider current digital banking trends and threats.

B : Selecting a methodology that disregards the specific risks associated with digital banking.

C : Focusing only on quantitative analysis and disregarding the qualitative aspects of risk.

D : Choosing a methodology that aligns with the firm-s digital banking services and regulatory compliance requirements.

Answer: D

Question 5

A company's main website is hosted on an external cloud server. In terms of primary and supporting assets, how should the website and the cloud server be classified?

Options :

A : The cloud server as a primary asset; the website as a supporting asset.

B : Both the website and the cloud server as supporting assets.

C : Both the website and the cloud server as primary assets.

D : The website as a primary asset; the cloud server as a supporting asset.

Answer: D

Free ISO-27005-LRM Mock Exam – Practice Online Confidently

Buying Options: