Free GAQM ISO-27005-LRM Exam Questions

Become GAQM Certified with updated ISO-27005-LRM exam questions and correct answers

Page: 1 / 160

Total 796 Questions | Updated On: Feb 18, 2025

Add To Cart

Question 1

In the context of the PDCA cycle, an organization is facing rapidly evolving cyber threats. Which of the following best demonstrates the integration of the PDCA cycle into their information security risk management program to address this challenge?

A : Regularly updating the risk management program to reflect changes in the threat landscape.

B : Conducting annual risk assessments to update the risk profile.

C : Implementing state-of-the-art security technologies to mitigate all potential risks.

D : Focusing solely on the "Do" phase to quickly implement controls.

Answer: A

Question 2

A multinational corporation is looking to maintain the agility of its information security risk management program in a rapidly changing global business environment. The risk manager is selecting tools to support this goal. Which tool would best support the agility of the risk management program?

A : A set of predefined, unchangeable risk management templates.

B : An internal survey tool used once every few years.

C : A static annual risk report.

D : A project management tool that integrates risk management activities with overall business processes.

Answer: D

Question 3

A software development firm adopts risk management practices to identify and address security vulnerabilities in its products. What is a primary advantage of this approach as per ISO 27005?

A : It ensures the firm will never face any software vulnerabilities in the future.

B : It completely removes the need for testing and quality assurance processes.

C : It allows the firm to avoid responsibility for any security issues that may arise in its products.

D : It facilitates early identification and remediation of vulnerabilities, improving product quality and customer satisfaction.

Answer: D

Question 4

A manufacturing company is establishing the scope of its risk management program. What should be the primary focus to support its manufacturing and supply chain operations?

A : Adopting a generic scope that does not consider the specific nature of the manufacturing industry.

B : Focusing only on external risks, such as market fluctuations, while ignoring internal operational risks.

C : Exclusively prioritizing risks related to office administrative functions.

D : Defining a scope that covers risks associated with production processes, supply chain disruptions, and technology used in manufacturing.

Answer: D

Question 5

A software company is implementing the Harmonized TRA methodology for its product development process. In the first phase of Harmonized TRA, what should be the primary focus, and how does it contribute to the risk assessment process?

A : Identifying the context and objectives for the risk assessment, including defining the scope and assets to be assessed.

B : Outsourcing risk assessment to an external cybersecurity firm.

C : Immediately implementing security controls based on industry best practices.

D : Conducting a financial analysis to estimate potential losses from security incidents.

Answer: A

Page: 1 / 160

Total 796 Questions | Updated On: Feb 18, 2025

Add To Cart