1. Which of the following should an information security manager perform FIRST when an organization's residual risk has increased?
A) Implement security measures to reduce the risk.
B) Communicate the information to senior management.
C) Transfer the risk to third parties.
D) Assess the business impact.
2. Which of the following approaches is BEST for selecting controls to minimize information security risks?
A) Cost-benefit analysis
B) Control-effectiveness
C) Risk assessment
D) Industry best practices
3. Which of the following is the MOST appropriate course of action when the risk occurrence rate is low but the impact is high?
A) Risk transfer
B) Risk acceptance
C) Risk mitigation
D) Risk avoidance
4. Which of the following is the MOST effective way to communicate information security risk to senior management?
A) Business impact analysis
B) Balanced scorecard
C) Key performance indicators (KPIs)
D) Heat map
5. Security risk assessments should cover only information assets that:
A) are classified and labeled.
B) are inside the organization.
C) support business processes.
D) have tangible value.