Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Jun 15, 2026

Add To Cart

Question 1

An IT manager at a government agency is tasked with implementing a risk management framework that aligns with federal requirements for information security. Which NIST publication should they use as a primary reference to ensure compliance with federal standards, and what is its significance in this context?

A : NIST Cybersecurity Framework (CSF).

B : NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations."

C : NIST SP 800-34, "Contingency Planning Guide for Federal Information Systems."

D : NIST SP 800-30, "Guide for Conducting Risk Assessments."

Answer: B

Question 2

A company's main website is hosted on an external cloud server. In terms of primary and supporting assets, how should the website and the cloud server be classified?

A : The cloud server as a primary asset; the website as a supporting asset.

B : Both the website and the cloud server as supporting assets.

C : Both the website and the cloud server as primary assets.

D : The website as a primary asset; the cloud server as a supporting asset.

Answer: D

Question 3

A financial services firm is updating its cybersecurity policies. The risk manager must communicate these changes to all employees to ensure compliance and awareness of new security protocols. What should be the primary objective of this risk communication?

A : To focus solely on the penalties for non-compliance with the new policies.

B : To ensure employees understand how the policy changes affect their day-to-day activities.

C : To provide a high-level overview of the policy changes without details.

D : To inform employees about the technical aspects of the new cybersecurity policies.

Answer: B

Question 4

A manufacturing company is assessing risks in its supply chain. What is the importance of the risk manager understanding the company's supply chain processes?

A : So the risk manager can take over the supply chain management role.

B : It is not important as long as the company has insurance for supply chain disruptions.

C : To identify and manage risks related to supplier reliability, logistics, and external dependencies.

D : Understanding supply chain processes is solely the responsibility of the procurement department.

Answer: C

Question 5

In a retail organization, how can quantitative risk analysis be effectively utilized to establish risk acceptance criteria?

A : Utilizing quantitative analysis to assess the financial impact of risks like inventory theft or supply chain disruptions.

B : Avoiding quantitative methods due to their complexity and relying only on qualitative assessments.

C : Applying a single quantitative measure to all types of risks, irrespective of their nature.

D : By exclusively focusing on non-financial aspects of risks, such as customer satisfaction.

Answer: A

Page: 1 / 160

Total 796 Questions | Updated On: Jun 15, 2026

Add To Cart