Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Mar 21, 2026

Add To Cart

Question 1

A retail business is considering outsourcing its IT infrastructure to a cloud service provider. To assess the risk level after transferring some of the IT responsibilities to the third party, which type of risk rating should be evaluated?

A : Target risk, as it reflects the desired risk level after outsourcing.

B : Inherent risk, as it represents the baseline risk without considering the outsourcing.

C : Residual risk, as it indicates the remaining risk after outsourcing.

D : Transferred risk, as it accounts for the risk shifted to the cloud service provider.

Answer: D

Question 2

A multinational corporation is implementing a new enterprise resource planning (ERP) system. During the risk identification phase, what should be the primary focus to ensure comprehensive coverage of potential risks?

A : Analyzing financial impacts of potential ERP system failures.

B : Focusing on the security of data transmission within the ERP system.

C : Identifying all assets associated with the ERP system, including hardware, software, and data.

D : Assessing the impact of the ERP system on employee productivity.

Answer: C

Question 3

A hospital's electronic health record (EHR) system is infected with ransomware, encrypting patient records. What is the primary consequence of this ransomware attack in terms of the CIA triad?

A : Financial losses due to paying the ransom.

B : Loss of availability of patient records for healthcare providers.

C : Unauthorized disclosure of patient health information.

D : Permanent deletion of patient records, impacting data integrity.

Answer: B

Question 4

A manufacturing company is establishing the scope of its risk management program. What should be the primary focus to support its manufacturing and supply chain operations?

A : Adopting a generic scope that does not consider the specific nature of the manufacturing industry.

B : Focusing only on external risks, such as market fluctuations, while ignoring internal operational risks.

C : Exclusively prioritizing risks related to office administrative functions.

D : Defining a scope that covers risks associated with production processes, supply chain disruptions, and technology used in manufacturing.

Answer: D

Question 5

An online retailer is evaluating the risk of data breaches in its customer database. They are considering implementing advanced encryption, increasing cybersecurity insurance coverage, conducting regular penetration testing, or retaining the risk as is. Which option represents risk sharing according to ISO/IEC 27005?

A : Conducting regular penetration testing.

B : Increasing cybersecurity insurance coverage.

C : Retaining the risk as is.

D : Implementing advanced encryption.

Answer: B

Page: 1 / 160

Total 796 Questions | Updated On: Mar 21, 2026

Add To Cart