
CISM—Certified Information Security Manager - Part 72

Mary Smith

Sat, 18 Apr 2026


1. Which of the following is the PRIMARY goal of a risk management program?

A) Implement preventive controls against threats.
B) Manage the business impact of inherent risks.
C) Manage compliance with organizational policies.
D) Reduce the organization's risk appetite.



2. A risk management program will be MOST effective when:

A) risk appetite is sustained for a long period.
B) risk assessments are repeated periodically.
C) risk assessments are conducted by a third party.
D) business units are involved in risk assessments.



3. The objective of risk management is to reduce risk to the minimum level that is:

A) compliant with security policies.
B) practical given industry and regulatory environments.
C) achievable from technical and financial perspectives.
D) acceptable given the preference of the organization.



4. The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:

A) identify change in security exposures.
B) reduce risk management costs.
C) meet regulatory compliance requirements.
D) minimize the loss from security incidents.



5. Which of the following would be MOST helpful in determining an organization's current capacity to mitigate risk?

A) Capability maturity model
B) Business impact analysis
C) IT security risk and exposure
D) Vulnerability assessment



1. Right Answer: B
Explanation: A risk management program exists to bring the business impact of the organization's inherent risks down to a level management accepts. Preventive controls and policy compliance are means to that end, not the goal, and risk appetite is set by management as an input to the program rather than something the program is meant to reduce.

2. Right Answer: D
Explanation: Business units own the processes and assets at risk, so their involvement is what makes assessments reflect real impacts and priorities and makes the resulting treatment decisions stick. Periodic repetition and third-party assessors can improve quality, but they do not substitute for business-unit participation, and holding risk appetite constant is not a measure of effectiveness.

3. Right Answer: D
Explanation: Risk management reduces risk to the level the organization is willing to accept, as expressed by its risk appetite and tolerance. Policy compliance, industry practice and technical or financial feasibility are constraints on how that level is reached; they do not define the target level itself.

4. Right Answer: A
Explanation: KRIs are forward-looking indicators; their value is in flagging a change in security exposure early enough for management to act before it turns into an incident. Lower cost, regulatory compliance and reduced losses may follow from acting on KRIs, but they are outcomes, not the monitoring objective.

5. Right Answer: A
Explanation: A capability maturity model rates how well the organization's security processes are defined, managed and measured, which is a direct statement of its current capacity to mitigate risk. A business impact analysis quantifies the consequences of disruption, and risk-and-exposure reviews or vulnerability assessments identify where risk exists; none of these measures the organization's ability to treat it.
