CISM—Certified Information Security Manager - Part 110

Mary Smith

Fri, 17 Apr 2026

1. Which of the following is the MOST significant advantage of developing a well-defined information security strategy?

A) Support for buy-in from organizational employees
B) Allocation of resources to highest priorities
C) Prevention of deviations from risk tolerance thresholds
D) Increased maturity of incident response processes



2. Which of the following is an important criterion for developing effective key risk indicators (KRIs) to monitor information security risk?

A) The indicator should possess a high correlation with a specific risk and be measured on a regular basis.
B) The indicator should focus on IT and accurately represent risk variances.
C) The indicator should align with key performance indicators and measure root causes of process performance issues.
D) The indicator should provide a retrospective view of risk impacts and be measured annually.



3. When implementing security architecture, an information security manager MUST ensure that security controls:

A) form multiple barriers against threats.
B) are transparent.
C) are the least expensive.
D) are communicated through security policies.



4. An information security manager is reviewing the business case for a security project that is entering the development phase. It is determined that the estimated cost of the controls is now greater than the risk being mitigated. The information security manager's BEST recommendation would be to:

A) eliminate some of the controls from the project scope.
B) discontinue the project to release funds for other efforts.
C) pursue the project until the benefits cover the costs.
D) slow the pace of the project to spread costs over a longer period.



5. The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?

A) The strategy does not include a cost-benefit analysis.
B) The CISO reports to the CIO.
C) There was a lack of engagement with the business during development.
D) The strategy does not comply with security standards.



1. Right Answer: C
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A
Explanation:
