Free PECB ISO-IEC-27005-Risk-Manager Exam Questions
Absolute Free ISO-IEC-27005-Risk-Manager Exam Practice for Comprehensive Preparation
-
PECB ISO-IEC-27005-Risk-Manager Exam Questions
-
Provided By: PECB
- Exam: PECB Certified ISO/IEC 27005 Risk Manager Certification
- Certification: PECB Auditor
-
Total Questions: 60
-
Updated On: Apr 07, 2025
-
Rated: 4.9 |
-
Online Users: 120
-
Question 1
-
Which activity below is NOT included in the information security risk assessment process?
Answer: C
-
Which activity below is NOT included in the information security risk assessment process?
-
Question 2
-
Scenario 7: Adstry is a business growth agency that specializes in digital marketing strategies. Adstry helpsorganizations redefine the relationships with their customers through innovative solutions. Adstry isheadquartered in San Francisco and recently opened two new offices in New York. The structure of thecompany is organized into teams which are led by project managers. The project manager has the full powerin any decision related to projects. The team members, on the other hand, report the project’s progress toproject managers.Considering that data breaches and ad fraud are common threats in the current business environment,managing risks is essential for Adstry. When planning new projects, each project manager is responsible forensuring that risks related to a particular project have been identified, assessed, and mitigated. This means thatproject managers have also the role of the risk manager in Adstry. Taking into account that Adstry heavilyrelies on technology to complete their projects, their risk assessment certainly involves identification of risksassociated with the use of information technology. At the earliest stages of each project, the project managercommunicates the risk assessment results to its team members.Adstry uses a risk management software which helps the project team to detect new potential risks duringeach phase of the project. This way, team members are informed in a timely manner for the new potentialrisks and are able to respond to them accordingly. The project managers are responsible forensuring that theinformation provided to the team members is communicated using an appropriate language so it can beunderstood by all of them.In addition, the project manager may include external interested parties affected by the project in the riskcommunication. If the project manager decides to include interested parties, the risk communication isthoroughly prepared. The project manager firstly identifies the interested parties that should be informed andtakes into account their concerns and possible conflicts that may arise due to risk communication. The risksare communicated to the identified interested parties while taking into consideration the confidentiality ofAdstry’s information and determining the level of detail that should be included in the risk communication.The project managers use the same risk management software for risk communication with external interestedparties since it provides a consistent view of risks. For each project, the project manager arranges regularmeetings with relevant interested parties of the project, they discuss the detected risks, their prioritization, anddetermine appropriate treatment solutions. The information taken from the risk management software and theresults of these meetings are documented and are used for decision-making processes. In addition, thecompany uses a computerized documented information management system for the acquisition, classification,storage, and archiving of its documents.Based on scenario 7, which principle of efficient communication strategy Adstry’s project managers followwhen communicating risks to team members?
Answer: A
-
Scenario 7: Adstry is a business growth agency that specializes in digital marketing strategies. Adstry helpsorganizations redefine the relationships with their customers through innovative solutions. Adstry isheadquartered in San Francisco and recently opened two new offices in New York. The structure of thecompany is organized into teams which are led by project managers. The project manager has the full powerin any decision related to projects. The team members, on the other hand, report the project’s progress toproject managers.Considering that data breaches and ad fraud are common threats in the current business environment,managing risks is essential for Adstry. When planning new projects, each project manager is responsible forensuring that risks related to a particular project have been identified, assessed, and mitigated. This means thatproject managers have also the role of the risk manager in Adstry. Taking into account that Adstry heavilyrelies on technology to complete their projects, their risk assessment certainly involves identification of risksassociated with the use of information technology. At the earliest stages of each project, the project managercommunicates the risk assessment results to its team members.Adstry uses a risk management software which helps the project team to detect new potential risks duringeach phase of the project. This way, team members are informed in a timely manner for the new potentialrisks and are able to respond to them accordingly. The project managers are responsible forensuring that theinformation provided to the team members is communicated using an appropriate language so it can beunderstood by all of them.In addition, the project manager may include external interested parties affected by the project in the riskcommunication. If the project manager decides to include interested parties, the risk communication isthoroughly prepared. The project manager firstly identifies the interested parties that should be informed andtakes into account their concerns and possible conflicts that may arise due to risk communication. The risksare communicated to the identified interested parties while taking into consideration the confidentiality ofAdstry’s information and determining the level of detail that should be included in the risk communication.The project managers use the same risk management software for risk communication with external interestedparties since it provides a consistent view of risks. For each project, the project manager arranges regularmeetings with relevant interested parties of the project, they discuss the detected risks, their prioritization, anddetermine appropriate treatment solutions. The information taken from the risk management software and theresults of these meetings are documented and are used for decision-making processes. In addition, thecompany uses a computerized documented information management system for the acquisition, classification,storage, and archiving of its documents.Based on scenario 7, which principle of efficient communication strategy Adstry’s project managers followwhen communicating risks to team members?
-
Question 3
-
Scenario 7: Adstry is a business growth agency that specializes in digital marketing strategies. Adstry helpsorganizations redefine the relationships with their customers through innovative solutions. Adstry isheadquartered in San Francisco and recently opened two new offices in New York. The structure of thecompany is organized into teams which are led by project managers. The project manager has the full powerin any decision related to projects. The team members, on the other hand, report the project’s progress toproject managers.Considering that data breaches and ad fraud are common threats in the current business environment,managing risks is essential for Adstry. When planning new projects, each project manager is responsible forensuring that risks related to a particular project have been identified, assessed, and mitigated. This means thatproject managers have also the role of the risk manager in Adstry. Taking into account that Adstry heavilyrelies on technology to complete their projects, their risk assessment certainly involves identification of risksassociated with the use of information technology. At the earliest stages of each project, the project managercommunicates the risk assessment results to its team members.Adstry uses a risk management software which helps the project team to detect new potential risks duringeach phase of the project. This way, team members are informed in a timely manner for the new potentialrisks and are able to respond to them accordingly. The project managers are responsible forensuring that theinformation provided to the team members is communicated using an appropriate language so it can beunderstood by all of them.In addition, the project manager may include external interested parties affected by the project in the riskcommunication. If the project manager decides to include interested parties, the risk communication isthoroughly prepared. The project manager firstly identifies the interested parties that should be informed andtakes into account their concerns and possible conflicts that may arise due to risk communication. The risksare communicated to the identified interested parties while taking into consideration the confidentiality ofAdstry’s information and determining the level of detail that should be included in the risk communication.The project managers use the same risk management software for risk communication with external interestedparties since it provides a consistent view of risks. For each project, the project manager arranges regularmeetings with relevant interested parties of the project, they discuss the detected risks, their prioritization, anddetermine appropriate treatment solutions. The information taken from the risk management software and theresults of these meetings are documented and are used for decision-making processes. In addition, thecompany uses a computerized documented information management system for the acquisition, classification,storage, and archiving of its documents.Based on scenario 7, which principle of efficient communication strategy Adstry’s project managers followwhen communicating risks to team members?
Answer: A
-
Scenario 7: Adstry is a business growth agency that specializes in digital marketing strategies. Adstry helpsorganizations redefine the relationships with their customers through innovative solutions. Adstry isheadquartered in San Francisco and recently opened two new offices in New York. The structure of thecompany is organized into teams which are led by project managers. The project manager has the full powerin any decision related to projects. The team members, on the other hand, report the project’s progress toproject managers.Considering that data breaches and ad fraud are common threats in the current business environment,managing risks is essential for Adstry. When planning new projects, each project manager is responsible forensuring that risks related to a particular project have been identified, assessed, and mitigated. This means thatproject managers have also the role of the risk manager in Adstry. Taking into account that Adstry heavilyrelies on technology to complete their projects, their risk assessment certainly involves identification of risksassociated with the use of information technology. At the earliest stages of each project, the project managercommunicates the risk assessment results to its team members.Adstry uses a risk management software which helps the project team to detect new potential risks duringeach phase of the project. This way, team members are informed in a timely manner for the new potentialrisks and are able to respond to them accordingly. The project managers are responsible forensuring that theinformation provided to the team members is communicated using an appropriate language so it can beunderstood by all of them.In addition, the project manager may include external interested parties affected by the project in the riskcommunication. If the project manager decides to include interested parties, the risk communication isthoroughly prepared. The project manager firstly identifies the interested parties that should be informed andtakes into account their concerns and possible conflicts that may arise due to risk communication. The risksare communicated to the identified interested parties while taking into consideration the confidentiality ofAdstry’s information and determining the level of detail that should be included in the risk communication.The project managers use the same risk management software for risk communication with external interestedparties since it provides a consistent view of risks. For each project, the project manager arranges regularmeetings with relevant interested parties of the project, they discuss the detected risks, their prioritization, anddetermine appropriate treatment solutions. The information taken from the risk management software and theresults of these meetings are documented and are used for decision-making processes. In addition, thecompany uses a computerized documented information management system for the acquisition, classification,storage, and archiving of its documents.Based on scenario 7, which principle of efficient communication strategy Adstry’s project managers followwhen communicating risks to team members?
-
Question 4
-
Scenario 3: Printary is an American company that offers digital printing services. Creating cost-effective andcreative products, the company has been part of the printing industry for more than 30 years. Three years ago,the company started to operate online, providing greater flexibility for its clients. Through the website, clientscould find information about all services offered by Printary and order personalized products. However,operating online increased the risk of cyber threats, consequently, impacting the business functions of thecompany. Thus, along with the decision of creating an online business, the company focused on managinginformation security risks. Their risk management program was established based on ISO/IEC 27005guidelines and industry best practices.Last year, the company considered the integration of an online payment system on its website in order toprovide more flexibility and transparency to customers. Printary analyzed various available solutions andselected Pay0, a payment processing solution that allows any company to easily collect payments on theirwebsite. Before making the decision, Printary conducted a risk assessment to identify and analyze informationsecurity risks associated with the software. The risk assessment process involved three phases: identification,analysis, and evaluation. During risk identification, the company inspected assets, threats, and vulnerabilities.In addition, to identify the information security risks, Printary used a list of the identified events that couldnegatively affect the achievement of information security objectives. The risk identification phase highlightedtwo main threats associated with the online payment system: error in use and data corruption After conductinga gap analysis, the company concluded that the existing security controls were sufficient to mitigate the threatof data corruption. However, the user interface of the payment solution was complicated, which couldincrease the risk associated with user errors, and, as a result, impact data integrity and confidentiality.Subsequently, the risk identification results were analyzed. The company conducted risk analysis in order tounderstand the nature of the identified risks. They decided to use a quantitative risk analysis methodologybecause it would provide more detailed information. The selected risk analysis methodology was consistentwith the risk evaluation criteria. Firstly, they used a list of potential incident scenarios to assess their potentialimpact. In addition, the likelihood of incident scenarios was defined and assessed. Finally, the level of riskwas defined as low.In the end, the level of risk was compared to the risk evaluation and acceptance criteria and was prioritizedaccordingly.Based on the scenario above, answer the following question:What type of risk identification approach did Printary use?
Answer: B
-
Scenario 3: Printary is an American company that offers digital printing services. Creating cost-effective andcreative products, the company has been part of the printing industry for more than 30 years. Three years ago,the company started to operate online, providing greater flexibility for its clients. Through the website, clientscould find information about all services offered by Printary and order personalized products. However,operating online increased the risk of cyber threats, consequently, impacting the business functions of thecompany. Thus, along with the decision of creating an online business, the company focused on managinginformation security risks. Their risk management program was established based on ISO/IEC 27005guidelines and industry best practices.Last year, the company considered the integration of an online payment system on its website in order toprovide more flexibility and transparency to customers. Printary analyzed various available solutions andselected Pay0, a payment processing solution that allows any company to easily collect payments on theirwebsite. Before making the decision, Printary conducted a risk assessment to identify and analyze informationsecurity risks associated with the software. The risk assessment process involved three phases: identification,analysis, and evaluation. During risk identification, the company inspected assets, threats, and vulnerabilities.In addition, to identify the information security risks, Printary used a list of the identified events that couldnegatively affect the achievement of information security objectives. The risk identification phase highlightedtwo main threats associated with the online payment system: error in use and data corruption After conductinga gap analysis, the company concluded that the existing security controls were sufficient to mitigate the threatof data corruption. However, the user interface of the payment solution was complicated, which couldincrease the risk associated with user errors, and, as a result, impact data integrity and confidentiality.Subsequently, the risk identification results were analyzed. The company conducted risk analysis in order tounderstand the nature of the identified risks. They decided to use a quantitative risk analysis methodologybecause it would provide more detailed information. The selected risk analysis methodology was consistentwith the risk evaluation criteria. Firstly, they used a list of potential incident scenarios to assess their potentialimpact. In addition, the likelihood of incident scenarios was defined and assessed. Finally, the level of riskwas defined as low.In the end, the level of risk was compared to the risk evaluation and acceptance criteria and was prioritizedaccordingly.Based on the scenario above, answer the following question:What type of risk identification approach did Printary use?
-
Question 5
-
Which activity below is NOT included in the information security risk assessment process?
Answer: C
-
Which activity below is NOT included in the information security risk assessment process?