Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Apr 29, 2026

Add To Cart

Question 1

A manufacturing company is establishing the scope of its risk management program. What should be the primary focus to support its manufacturing and supply chain operations?

A : Adopting a generic scope that does not consider the specific nature of the manufacturing industry.

B : Focusing only on external risks, such as market fluctuations, while ignoring internal operational risks.

C : Exclusively prioritizing risks related to office administrative functions.

D : Defining a scope that covers risks associated with production processes, supply chain disruptions, and technology used in manufacturing.

Answer: D

Question 2

A technology firm is using the NIST framework for risk assessment of its cloud services. The firm has multiple cloud service models (IaaS, PaaS, SaaS) in operation. In this scenario, what should be the focus of the risk assessment process according to the NIST framework, and why is this focus important?

A : Assessing risks based only on the highest level of service model (SaaS).

B : Evaluating risks for each service model separately, considering their specific characteristics and threat landscapes.

C : Concentrating solely on physical security risks of cloud infrastructure.

D : Delegating the risk assessment process entirely to the cloud service provider.

Answer: B

Question 3

A university is updating its information security risk assessment for its research data storage systems. To identify risks effectively, what method should be emphasized?

A : Asset-based risk identification, including physical and digital data assets.

B : Conducting vulnerability scans of the data storage systems.

C : Reviewing compliance with academic data management standards.

D : Assessing the impact of potential data breaches on research integrity.

Answer: A

Question 4

An IT manager at a government agency is tasked with implementing a risk management framework that aligns with federal requirements for information security. Which NIST publication should they use as a primary reference to ensure compliance with federal standards, and what is its significance in this context?

A : NIST Cybersecurity Framework (CSF).

B : NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations."

C : NIST SP 800-34, "Contingency Planning Guide for Federal Information Systems."

D : NIST SP 800-30, "Guide for Conducting Risk Assessments."

Answer: B

Question 5

An educational institution is implementing MEHARI to assess risks to its learning management system (LMS). The team is in the process of risk treatment decision-making. What approach should be taken in this stage according to MEHARI, and why is it important for the institution's risk management?

A : Automatically opting for the most advanced technological solutions for all identified risks.

B : Choosing risk treatment options by considering their effectiveness in reducing risk levels and their alignment with the institution's objectives and risk appetite.

C : Selecting risk treatment options based solely on their cost-effectiveness.

D : Delegating risk treatment decisions to the LMS vendor without internal analysis.

Answer: B

Page: 1 / 160

Total 796 Questions | Updated On: Apr 29, 2026

Add To Cart