CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 43
1. When residual risk is minimized:
A) acceptable risk is probable.
B) transferred risk is acceptable.
C) control risk is reduced.
D) risk is transferable.
2. Quantitative risk analysis is MOST appropriate when assessment data:
A) include customer perceptions.
B) contain percentage estimates.
C) do not contain specific details.
D) contain subjective information.
3. Which of the following is the MOST appropriate use of gap analysis?
A) Evaluating a business impact analysis (BIA)
B) Developing a balanced business scorecard
C) Demonstrating the relationship between controls
D) Measuring current state vs. desired future state
4. Identification and prioritization of business risk enables project managers to:
A) establish implementation milestones.
B) reduce the overall amount of slack time.
C) address areas with most significance.
D) accelerate completion of critical paths.
5. The recovery point objective (RPO) requires which of the following?
A) Disaster declaration
B) Before-image restoration
C) System restoration
D) After-image processing
A) acceptable risk is probable.
B) transferred risk is acceptable.
C) control risk is reduced.
D) risk is transferable.
2. Quantitative risk analysis is MOST appropriate when assessment data:
A) include customer perceptions.
B) contain percentage estimates.
C) do not contain specific details.
D) contain subjective information.
3. Which of the following is the MOST appropriate use of gap analysis?
A) Evaluating a business impact analysis (BIA)
B) Developing a balanced business scorecard
C) Demonstrating the relationship between controls
D) Measuring current state vs. desired future state
4. Identification and prioritization of business risk enables project managers to:
A) establish implementation milestones.
B) reduce the overall amount of slack time.
C) address areas with most significance.
D) accelerate completion of critical paths.
5. The recovery point objective (RPO) requires which of the following?
A) Disaster declaration
B) Before-image restoration
C) System restoration
D) After-image processing
1. Right Answer: A
Explanation: Since residual risk is the risk that remains after putting into place an effective risk management program, it is probable that the organization will decide that it is an acceptable risk if sufficiently minimized. Transferred risk is risk that has been assumed by a third party, therefore its magnitude is not relevant. Accordingly, choices B and D are incorrect since transferred risk does not necessarily indicate whether risk is at an acceptable level. Minimizing residual risk will not reduce control risk.
2. Right Answer: B
Explanation: Percentage estimates are characteristic of quantitative risk analysis. Customer perceptions, lack of specific details or subjective information lend themselves more to qualitative risk analysis.
3. Right Answer: D
Explanation: A gap analysis is most useful in addressing the differences between the current state and an ideal future state. It is not as appropriate for evaluating a business impact analysis (BIA), developing a balanced business scorecard or demonstrating the relationship between variables.
4. Right Answer: C
Explanation: Identification and prioritization of risk allows project managers to focus more attention on areas of greater importance and impact. It will not reduce the overall amount of slack time, facilitate establishing implementation milestones or allow a critical path to be completed any sooner.
5. Right Answer: B
Explanation: The recovery point objective (RPO) is the point in the processing flow at which system recovery should occur. This is the predetermined state of the application processing and data used to restore the system and to continue the processing flow. Disaster declaration is independent of this processing checkpoint.Restoration of the system can occur at a later date, as does the return to normal, after-image processing.
Explanation: Since residual risk is the risk that remains after putting into place an effective risk management program, it is probable that the organization will decide that it is an acceptable risk if sufficiently minimized. Transferred risk is risk that has been assumed by a third party, therefore its magnitude is not relevant. Accordingly, choices B and D are incorrect since transferred risk does not necessarily indicate whether risk is at an acceptable level. Minimizing residual risk will not reduce control risk.
2. Right Answer: B
Explanation: Percentage estimates are characteristic of quantitative risk analysis. Customer perceptions, lack of specific details or subjective information lend themselves more to qualitative risk analysis.
3. Right Answer: D
Explanation: A gap analysis is most useful in addressing the differences between the current state and an ideal future state. It is not as appropriate for evaluating a business impact analysis (BIA), developing a balanced business scorecard or demonstrating the relationship between variables.
4. Right Answer: C
Explanation: Identification and prioritization of risk allows project managers to focus more attention on areas of greater importance and impact. It will not reduce the overall amount of slack time, facilitate establishing implementation milestones or allow a critical path to be completed any sooner.
5. Right Answer: B
Explanation: The recovery point objective (RPO) is the point in the processing flow at which system recovery should occur. This is the predetermined state of the application processing and data used to restore the system and to continue the processing flow. Disaster declaration is independent of this processing checkpoint.Restoration of the system can occur at a later date, as does the return to normal, after-image processing.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment