
CISM—Certified Information Security Manager - Part 37

Mary Smith

Thu, 16 Apr 2026

1. Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

A) Risk assessment
B) Business impact analysis (BIA)
C) Vulnerability assessment
D) Gap analysis



2. A new version of an information security regulation is published that requires an organization's compliance. The information security manager should FIRST:

A) perform an audit based on the new version of the regulation.
B) conduct a risk assessment to determine the risk of noncompliance.
C) conduct benchmarking against similar organizations.
D) perform a gap analysis against the new regulation.



3. When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

A) details of expected security metrics.
B) each party's security responsibilities.
C) penalties for noncompliance with security policy.
D) recovery time objectives (RTOs).



4. Which of the following would be MOST useful to help senior management understand the status of information security compliance?

A) Industry benchmarks
B) Risk assessment results
C) Business impact analysis (BIA) results
D) Key performance indicators (KPIs)



5. Which of the following is MOST likely to be included in an enterprise information security policy?

A) Security monitoring strategy
B) Audit trail review requirements
C) Password composition requirements
D) Consequences of noncompliance



1. Right Answer: D
Explanation:

2. Right Answer: D
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: D
Explanation:
