1. A risk mitigation report would include recommendations for:
A) assessment. B) acceptance. C) evaluation. D) quantification.
2. A risk management program should reduce risk to:
A) zero. B) an acceptable level. C) an acceptable percent of revenue. D) an acceptable probability of occurrence.
3. The MOST important reason for conducting periodic risk assessments is because:
A) risk assessments are not always precise. B) security risks are subject to frequent change. C) reviewers can optimize and reduce the cost of controls. D) it demonstrates to senior management that the security function can add value.
4. Which of the following BEST indicates a successful risk management practice?
A) Overall risk is quantified B) Inherent risk is eliminated C) Residual risk is minimized D) Control risk is tied to business units
5. Which of the following would generally have the GREATEST negative impact on an organization?
A) Theft of computer software B) Interruption of utility services C) Loss of customer confidence D) Internal fraud resulting in monetary loss
1. Right Answer: B Explanation: Acceptance of a risk is one of the alternatives to be considered in the risk mitigation process. Assessment, evaluation and risk quantification are components of the risk analysis process that are completed prior to determining risk mitigation solutions.
2. Right Answer: B Explanation: Risk should be reduced to an acceptable level based on the risk appetite of the organization. Reducing risk to zero is impractical and could be cost-prohibitive. Tying risk to a percentage of revenue is inadvisable, since there is no direct correlation between the two. Reducing the probability of occurrence may not always be possible, as in the case of natural disasters; the focus should be on reducing the impact to a level acceptable to the organization, not on reducing the probability of the risk.
3. Right Answer: B Explanation: Risks are constantly changing. A previously conducted risk assessment will not include risks that have been introduced since the last assessment. Although an assessment can never be perfect and invariably contains some errors, this is not the most important reason for periodic reassessment. The fact that controls can be made more efficient to reduce costs is not a sufficient reason on its own. Finally, risk assessments should not be performed merely to justify the existence of the security function.
4. Right Answer: C Explanation: A successful risk management practice minimizes the residual risk to the organization. Choice A is incorrect because the fact that overall risk has been quantified does not necessarily indicate the existence of a successful risk management practice. Choice B is incorrect since it is virtually impossible to eliminate inherent risk. Choice D is incorrect because, although tying control risk to business units may improve accountability, this is not as desirable as minimizing residual risk.
5. Right Answer: C Explanation: Although the theft of software, interruption of utility services and internal fraud are all significant, the loss of customer confidence is the most damaging and could cause the business to fail.