KT-CG Risk management alignment

Leadership accepts ransomware risk without backup testing or IR exercises. Problem?

Multiple choice — select one answer

Answer choices

  1. a. Exercises are optional if endpoint antivirus is installed, without security or identity team coordination per policy.
  2. b. Acceptance automatically transfers liability to the cyber insurance carrier, without security or identity team coordination per policy.
  3. c. Risk register entries never need review once leadership signs them, without security or identity team coordination per policy.
  4. d. Risk acceptance lacks controls and testing; likely ineffective during real events

Architectural breakdown & explanation

Accepted risks still need compensating controls and validation.

Correct answer(s): d. Risk acceptance lacks controls and testing; likely ineffective during real events

Exam domain: Risk management alignment (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Compliance & Governance bank. Run a full timed practice exam with domain-weighted random questions in your browser.