KT-CG Risk management alignment

Annual risk register omits cloud misconfiguration threats. Update?

Multiple choice — select one answer

Answer choices

  1. a. Ignore cloud because it is virtual, without security or identity team coordination per policy.
  2. b. Only track physical risks, without security or identity team coordination per policy.
  3. c. Delete cloud accounts, using shared credentials instead of individual accountability.
  4. d. Add CSPM findings and top cloud ATT&CK techniques to enterprise risk register

Architectural breakdown & explanation

Risk registers should reflect current attack surfaces including cloud.

Correct answer(s): d. Add CSPM findings and top cloud ATT&CK techniques to enterprise risk register

Exam domain: Risk management alignment (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Compliance & Governance bank. Run a full timed practice exam with domain-weighted random questions in your browser.