Free GAQM ISO-27005-LRM Exam Questions

Question 1

In the context of the PDCA cycle, an organization is facing rapidly evolving cyber threats. Which of the following best demonstrates the integration of the PDCA cycle into their information security risk management program to address this challenge?

A : Regularly updating the risk management program to reflect changes in the threat landscape.

B : Conducting annual risk assessments to update the risk profile.

C : Implementing state-of-the-art security technologies to mitigate all potential risks.

D : Focusing solely on the "Do" phase to quickly implement controls.

Answer: A

Question 2

A manufacturing company is evaluating the risk associated with outdated machinery. On a numerical rating scale from 1 to 5, how should the consequence of machinery failure be rated, taking into account production disruption and repair costs?

A : 3 - Moderate, considering some production disruption and manageable repair costs.

B : 4 - High, due to significant production disruption and high repair costs.

C : 2 - Low, since production can be temporarily shifted to other facilities.

D : 1 - Negligible, as there are backup machines available.

Answer: B

Question 3

A manufacturing company is evaluating the risk associated with outdated machinery. On a numerical rating scale from 1 to 5, how should the consequence of machinery failure be rated, taking into account production disruption and repair costs?

A : 3 - Moderate, considering some production disruption and manageable repair costs.

B : 4 - High, due to significant production disruption and high repair costs.

C : 2 - Low, since production can be temporarily shifted to other facilities.

D : 1 - Negligible, as there are backup machines available.

Answer: B

Question 4

A software company is expanding its operations globally and faces various information security risks associated with different regions. The CISO wants to utilize ISO/IEC 27005 to manage these risks effectively. How does the application of ISO/IEC 27005 specifically support the company in this global expansion in terms of risk management?

A : By replacing the need for regional compliance and security laws with a single framework.

B : By focusing solely on the technical aspects of security risks in global operations.

C : By emphasizing financial risk management strategies suitable for global expansion.

D : By providing a standardized approach for risk management that is universally applicable across all regions.

Answer: D

Question 5

A manufacturing company identifies a high risk of equipment failure. After applying maintenance and monitoring controls, the risk is reassessed. What type of risk rating does this reassessment represent?

A : Transferred risk, as it considers the outsourcing of equipment maintenance.

B : Residual risk, as it reflects the risk level after applying controls.

C : Target risk, as it indicates the risk level the company aims for.

D : Inherent risk, as it is the initial risk level.

Answer: B