Skip to Content
Home Risk Management & Compliance Risk Management & Compliance

Risk Management & Compliance

0 %

Completed

Course content

Risk Management & Compliance

10 XP
Prev Next
Fullscreen Share
Rating
0 0

There are no comments for now.

Join this Course
to be the first to leave a comment.

1. What is the primary objective of risk management?
To eliminate all operational activity To identify, assess, and manage risks appropriately To avoid documenting security concerns To replace security controls entirely
2. Which of the following BEST describes risk?
Guaranteed operational failure The possibility that an event may negatively impact operations or security Only financial loss scenarios A security incident that has already occurred
3. Why is risk management considered a continuous process?
Risk assessments only occur during incidents Controls never require review once implemented Compliance obligations disappear after audits Risks, systems, and business environments change over time
4. Which of the following is an example of a security control?
Multi-Factor Authentication (MFA) Credential sharing between administrators Ignoring access review findings Disabling audit logging for convenience
5. A consultant identifies excessive privileged access within a client environment but delays escalation to avoid slowing delivery. Why is this problematic?
Client environments are excluded from governance requirements Risk escalation only applies after incidents occur Excessive access is acceptable during active projects Operational convenience should not override risk management responsibilities
6. Which of the following BEST describes residual risk?
Risks that have been completely eliminated Risks transferred entirely to suppliers Risks that remain after controls are applied Risks that only affect technical teams
7. Which risk treatment option involves implementing security controls to reduce risk?
Acceptance Mitigation Avoidance Transfer
8. Why are audits important for compliance and governance?
Audits remove the need for risk management Audits replace operational procedures They help identify weaknesses and verify control effectiveness Audits only review financial information
9. Which of the following is an example of poor compliance behaviour?
Following approved change management procedures Reporting security concerns promptly Ignoring policy violations to avoid operational delays Participating in audit activities appropriately
10. What should employees do if they identify a compliance concern?
Escalate the concern through approved procedures Ignore the issue unless legal action occurs Delay reporting until annual audits begin Attempt undocumented remediation without approval
11. Why are third-party suppliers included in risk management activities?
Suppliers automatically inherit internal security controls Third-party risks only affect procurement teams Suppliers may introduce security, operational, or compliance risks Vendor activities do not require governance oversight
12. Which statement about compliance is MOST accurate?
Compliance applies only to management teams Compliance responsibilities apply across the organisation Compliance activities only matter during audits Compliance obligations disappear during operational incidents
13. What is the BEST response if a control weakness is identified?
Delay remediation indefinitely to avoid operational disruption Disable monitoring to reduce audit visibility Assess the risk and implement corrective actions appropriately Ignore it if exploitation has not occurred yet
14. Why are human behaviours considered security risks?
Awareness training removes all human risk permanently Security incidents only result from technology failures Human actions cannot affect operational security Poor decisions or procedural failures may create vulnerabilities
15. Which behaviour BEST supports strong governance and compliance?
Prioritising convenience over operational controls Following policies, controls, and escalation procedures consistently Avoiding documentation to reduce administrative overhead Sharing privileged access informally during urgent work
16. What may happen if risks are poorly managed?
Data breaches, outages, or regulatory penalties may occur Compliance obligations reduce automatically Security controls become unnecessary Operational resilience improves naturally over time
17. Which of the following is a common risk management failure?
Reviewing privileged access regularly Performing supplier due diligence Ignoring known vulnerabilities or excessive permissions Applying MFA to administrator accounts
18. What is the purpose of corrective actions?
To address root causes and improve control effectiveness To assign blame publicly during incidents To eliminate the need for audits To reduce operational visibility into risks
19. Which statement about operational risk is MOST accurate?
Operational risks only affect technical systems Operational risks may affect security, resilience, compliance, and service delivery Operational risk disappears after ISO certification Operational risks are fully transferred to suppliers automatically
20. What is the BEST overall approach to risk management and compliance?
Prioritise operational speed over governance controls Treat compliance as an annual documentation exercise only Identify, assess, control, monitor, and escalate risks appropriately Limit risk management activities to audit periods only