Free GAQM ISO-27005-LRM Exam Questions

A retail business is considering outsourcing its IT infrastructure to a cloud service provider. To assess the risk level after transferring some of the IT responsibilities to the third party, which type of risk rating should be evaluated?

A telecommunications company is conducting a risk analysis for its network infrastructure. What technique should be used to quantitatively assess the potential financial impact of a network outage?

An organization has recently experienced a data breach. The risk manager must develop a communication plan to inform internal and external stakeholders about the breach and the steps being taken to mitigate its impact. What should be a key consideration in this communication plan?

A financial institution is updating its risk management framework in response to emerging cyber threats. The risk manager is tasked with documenting the results of the updated risk assessment. What should be the focus of this documentation to enhance its usefulness for ongoing risk management?

A software development company faces the risk of code vulnerabilities leading to security breaches. They are contemplating conducting regular code reviews, implementing an automated vulnerability scanning tool, purchasing cyber liability insurance, or accepting the risk as the likelihood of exploitation is low. Which option is an example of risk modification?