Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Jun 15, 2026

Add To Cart

Question 1

A financial institution is evaluating the risks of implementing a new mobile banking application. The risk manager must gather input from various departments, including IT, compliance, and customer service. How should the risk manager facilitate the risk identification process to ensure all relevant risks are captured?

A : Organize a workshop where representatives from all departments can discuss and identify risks together.

B : Assume the most significant risks based on industry standards and inform the departments of these risks.

C : Rely solely on the IT department's assessment, as they are most familiar with the technical aspects of the application.

D : Ask each department to independently submit their risk assessments and then compile them without further discussion.

Answer: A

Question 2

A software company is expanding its operations globally and faces various information security risks associated with different regions. The CISO wants to utilize ISO/IEC 27005 to manage these risks effectively. How does the application of ISO/IEC 27005 specifically support the company in this global expansion in terms of risk management?

A : By replacing the need for regional compliance and security laws with a single framework.

B : By focusing solely on the technical aspects of security risks in global operations.

C : By emphasizing financial risk management strategies suitable for global expansion.

D : By providing a standardized approach for risk management that is universally applicable across all regions.

Answer: D

Question 3

A healthcare organization is evaluating risks to its patient data management system. To effectively identify risks, what approach should be used?

A : Conducting a comprehensive audit of the IT infrastructure.

B : Asset-based risk identification, including hardware, software, and data assets.

C : Focusing on the legal and regulatory compliance aspects of patient data.

D : Engaging external experts to perform a risk assessment.

Answer: B

Question 4

An organization identifies a high inherent risk of data breaches in its customer database. Despite implementing strong encryption and access controls, the residual risk is still above the organization's risk appetite. What should be the next course of action?

A : Transfer the residual risk through an insurance policy.

B : Increase the organization's risk appetite to align with the residual risk.

C : Accept the residual risk as it cannot be further reduced.

D : Implement additional controls to reduce the residual risk to the target risk level.

Answer: D

Question 5

A telecommunications company is conducting a risk analysis for its network infrastructure. What technique should be used to quantitatively assess the potential financial impact of a network outage?

A : Quantitative risk analysis using historical outage data and financial loss estimates.

B : SWOT analysis focusing on strengths, weaknesses, opportunities, and threats.

C : Qualitative risk analysis based on expert judgment.

D : Checklist analysis based on a standard set of network security criteria.

Answer: A

Page: 1 / 160

Total 796 Questions | Updated On: Jun 15, 2026

Add To Cart