1. After undertaking a security assessment of a production system, the information security manager is MOST likely to:
A) inform the system owner of any residual risks and propose measures to reduce them.
B) inform the development team of any residual risks, and together formulate risk reduction measures.
C) inform the IT manager of the residual risks and propose measures to reduce them.
D) establish an overall security program that minimizes the residual risks of that production system.
2. Mitigating technology risks to acceptable levels should be based PRIMARILY upon:
A) business process reengineering.
B) business process requirement.
C) legal and regulatory requirements.
D) information security budget.
3. After assessing risk, the decision to treat the risk should be based PRIMARILY on:
A) availability of financial resources.
B) whether the level of risk exceeds risk appetite.
C) whether the level of risk exceeds inherent risk.
D) the criticality of the risk.
4. Which of the following is the MOST important prerequisite to performing an information security risk assessment?
A) Classifying assets
B) Determining risk tolerance
C) Reviewing the business impact analysis
D) Assessing threats and vulnerabilities
5. When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?
A) Assess vulnerabilities.
B) Manage the impact.
C) Evaluate potential threats.
D) Identify unacceptable risk levels.