Free Isaca IT-Risk-Fundamentals Exam Questions

Become Isaca Certified with updated IT-Risk-Fundamentals exam questions and correct answers

Page: 1 / 68

Total 336 Questions | Updated On: Dec 07, 2025

Add To Cart

Question 1

A bottom-up approach to developing I&T risk-related risk scenarios:

A : is a generic method that allows anyone in the organization to develop risk scenarios.

B : is based on hypothetical situations envisioned by people performing specific I&T functions.

C : should not be used in conjunction with other approaches to evaluate I&T related events.

Answer: B

Question 2

A risk practitioner has been tasked with analyzing new risk events added to the risk register. Which of the following analysis methods would BEST enable the risk practitioner to minimize ambiguity and subjectivity?

A : Annual loss expectancy (ALE)

B : Delphi method

C : Brainstorming

Answer: A

Question 3

Which of the following should be found in an I&T asset inventory to help inform the risk identification process?

A : Loss scenario information for assets

B : Security classification of assets

C : Regulatory requirements of assets

Answer: B

Question 4

What is a benefit of using the top-down approach in enterprise risk management?

A : cusing on hypothetical situations envisioned by the people performing job functions

B : entifying and analyzing risk events specific to individual enterprise situations

C : veloping concrete, customized scenarios based on enterprise context

D : ier to achieve management buy-in even if management is not interested in IT

Answer: D

Question 5

Which of the following is MOST important when defining an organization's risk scope?

A : Understanding the impacts of the risk environment to the organization

B : Developing a top-down approach to risk management

C : Developing requirements for risk reporting to executive management

Answer: A

Page: 1 / 68

Total 336 Questions | Updated On: Dec 07, 2025

Add To Cart