CISM—Certified Information Security Manager - Part 70

Mary Smith

Sat, 18 Apr 2026

1. Which of the following is an indicator of improvement in the ability to identify security risks?

A) Increased number of reported security incidents.
B) Decreased number of staff requiring information security training.
C) Decreased number of information security risk assessments.
D) Increased number of security audit issues resolved.



2. Which of the following is the MOST important step in risk ranking?

A) Impact assessment
B) Mitigation cost
C) Threat assessment
D) Vulnerability analysis



3. An organization is considering moving one of its critical business applications to a cloud hosting service. The cloud provider may not provide the same level of security for this application as the organization. Which of the following will BEST provide the information to help maintain the security posture?

A) Risk assessment
B) Cloud security strategy
C) Vulnerability assessment
D) Risk governance framework



4. Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

A) inform senior management
B) update the risk assessment
C) validate the user acceptance testing
D) modify key risk indicators



5. Which of the following would BEST mitigate identified vulnerabilities in a timely manner?

A) Continuous vulnerability monitoring tool
B) Categorization of the vulnerabilities based on system criticality
C) Monitoring of key risk indicators (KRIs)
D) Action plan with responsibilities and deadlines



1. Right Answer: D
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: C
Explanation: One approach seeing increasing use is to report and monitor risk through the use of key risk indicators (KRIs). KRIs can be defined as measures that, in some manner, indicate when an enterprise is subject to risk that exceeds a defined risk level. Typically, these indicators are trends in factors known to increase risk and are generally developed based on experience. They can be as diverse as increasing absenteeism or increased turnover in key employees to rising levels of security events or incidents.
