Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Dec 16, 2025

Add To Cart

Question 1

An organization is transitioning to cloud-based services and has conducted a risk assessment to identify related security risks. The risk manager must report the results to different departments within the organization. How should the risk manager tailor the reports to be relevant to each department?

A : Customize the reports to highlight risks and treatments pertinent to each department’s functions.

B : Deliver oral summaries without providing written reports to save time.

C : Focus the reports only on the most severe risks to avoid overwhelming the departments.

D : Provide the same detailed report to all departments for consistency.

Answer: A

Question 2

A software company is implementing the Harmonized TRA methodology for its product development process. In the first phase of Harmonized TRA, what should be the primary focus, and how does it contribute to the risk assessment process?

A : Identifying the context and objectives for the risk assessment, including defining the scope and assets to be assessed.

B : Outsourcing risk assessment to an external cybersecurity firm.

C : Immediately implementing security controls based on industry best practices.

D : Conducting a financial analysis to estimate potential losses from security incidents.

Answer: A

Question 3

A manufacturing company is establishing the scope of its risk management program. What should be the primary focus to support its manufacturing and supply chain operations?

A : Adopting a generic scope that does not consider the specific nature of the manufacturing industry.

B : Focusing only on external risks, such as market fluctuations, while ignoring internal operational risks.

C : Exclusively prioritizing risks related to office administrative functions.

D : Defining a scope that covers risks associated with production processes, supply chain disruptions, and technology used in manufacturing.

Answer: D

Question 4

A healthcare provider is evaluating the risk of unauthorized access to electronic health records (EHRs). The provider's risk criteria prioritize patient confidentiality and regulatory compliance. How should the risk level be assessed in this scenario?

A : Moderate, given the presence of basic access controls.

B : High, due to the critical importance of maintaining patient confidentiality and meeting regulatory requirements.

C : Low, as there is a low probability of such an incident occurring.

D : Negligible, assuming the healthcare provider conducts regular security audits.

Answer: B

Question 5

A government agency is evaluating the risk of cyber-attacks on its critical infrastructure systems. They are considering upgrading their cybersecurity software, establishing a dedicated cybersecurity incident response team, conducting regular vulnerability assessments, or implementing a comprehensive network segmentation strategy. Which option most effectively reduces the risk level of cyber-attacks on critical infrastructure?

A : Implementing a comprehensive network segmentation strategy.

B : Conducting regular vulnerability assessments.

C : Establishing a dedicated cybersecurity incident response team.

D : Upgrading their cybersecurity software.

Answer: A

Page: 1 / 160

Total 796 Questions | Updated On: Dec 16, 2025

Add To Cart