CISM—Certified Information Security Manager - Part 71

Mary Smith

Sat, 18 Apr 2026

1. Risk assessment should be conducted on a continuing basis because:

A) controls change on a continuing basis
B) the number of hacking incidents is increasing
C) management should be updated about changes in risk
D) factors that affect information security change



2. Which of the following BEST illustrates residual risk within an organization?

A) Risk management framework
B) Risk register
C) Business impact analysis
D) Heat map



3. Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following would be the manager's BEST course of action?

A) Add the outstanding risk to the acquiring organization's risk registry.
B) Re-assess the outstanding risk of the acquired company.
C) Re-evaluate the risk treatment plan for the outstanding risk.
D) Perform a vulnerability assessment of the acquired company's infrastructure.



4. An organization has recently experienced unauthorized device access to its network. To proactively manage the problem and mitigate this risk, the BEST preventive control would be to:

A) keep an inventory of network and hardware addresses of all systems connected to the network.
B) install a stateful inspection firewall to prevent unauthorized network traffic.
C) implement network-level authentication and login to regulate access of devices to the network.
D) deploy an automated asset inventory discovery tool to identify devices that access the network.



5. A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?

A) Document the deficiencies in the risk register.
B) Disconnect the legacy system from the rest of the network.
C) Require that new systems that can meet the standards be implemented.
D) Develop processes to compensate for the deficiencies.



1. Right Answer: A
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: C
Explanation:

5. Right Answer: A
Explanation:
