Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Sep 09, 2025

Add To Cart

Question 1

A financial services firm is assessing the risk of fraud in its new online payment system. Which information gathering technique would be most effective to understand the types of fraud risks?

A : Organizing focus groups with customers who use the online payment system.

B : Reviewing financial reports to identify patterns of fraudulent transactions.

C : Conducting a Delphi study with fraud prevention experts.

D : Analyzing industry reports on trends in online payment fraud.

Answer: D

Question 2

In the context of the PDCA cycle, an organization is facing rapidly evolving cyber threats. Which of the following best demonstrates the integration of the PDCA cycle into their information security risk management program to address this challenge?

A : Regularly updating the risk management program to reflect changes in the threat landscape.

B : Conducting annual risk assessments to update the risk profile.

C : Implementing state-of-the-art security technologies to mitigate all potential risks.

D : Focusing solely on the "Do" phase to quickly implement controls.

Answer: A

Question 3

A company is undergoing a major IT infrastructure upgrade, and the risk manager needs to communicate the associated security risks to a diverse group of stakeholders, including technical staff, senior management, and non-technical employees. What is the most effective communication approach to ensure all stakeholders understand the risks and their implications?

A : Provide a general overview of risks without delving into specific details.

B : Prepare different versions of the communication tailored to each group's level of understanding.

C : Use highly technical language to convey the complexity of the risks.

D : Focus the communication solely on the most severe risks.

Answer: B

Question 4

An e-commerce company is establishing risk acceptance criteria. What is an important factor to consider when defining these criteria?

A : Copying risk acceptance criteria from a different industry without modification.

B : Defining criteria based on the company's risk appetite and the potential impact on its online business operations.

C : Setting criteria that accept all risks to expedite the decision-making process.

D : Basing criteria solely on the personal preferences of the risk manager.

Answer: B

Question 5

An organization identifies a high inherent risk of data breaches in its customer database. Despite implementing strong encryption and access controls, the residual risk is still above the organization's risk appetite. What should be the next course of action?

A : Transfer the residual risk through an insurance policy.

B : Increase the organization's risk appetite to align with the residual risk.

C : Accept the residual risk as it cannot be further reduced.

D : Implement additional controls to reduce the residual risk to the target risk level.

Answer: D

Page: 1 / 160

Total 796 Questions | Updated On: Sep 09, 2025

Add To Cart