
CISM—Certified Information Security Manager - Part 61

Mary Smith

Thu, 16 Apr 2026


1. When performing a qualitative risk analysis, which of the following will BEST produce reliable results?

A) Estimated productivity losses
B) Possible scenarios with threats and impacts
C) Value of information assets
D) Vulnerability assessment



2. Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

A) User assessments of changes
B) Comparison of the program results with industry standards
C) Assignment of risk within the organization
D) Participation by all members of the organization



3. The MOST effective use of a risk register is to:

A) identify risks and assign roles and responsibilities for mitigation.
B) identify threats and probabilities.
C) facilitate a thorough review of all IT-related risks on a periodic basis.
D) record the annualized financial amount of expected losses due to risks.



4. After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

A) Define security metrics
B) Conduct a risk assessment
C) Perform a gap analysis
D) Procure security tools



5. Which of the following are the essential ingredients of a business impact analysis (BIA)?

A) Downtime tolerance, resources and criticality
B) Cost of business outages in a year as a factor of the security budget
C) Business continuity testing methodology being deployed
D) Structure of the crisis management team



1. Right Answer: B
Explanation: Listing all possible scenarios that could occur, along with threats and impacts, will better frame the range of risks and facilitate a more informed discussion and decision. Estimated productivity losses, value of information assets and vulnerability assessments would not be sufficient on their own.

2. Right Answer: D
Explanation: Effective risk management requires participation, support and acceptance by all applicable members of the organization, beginning with the executive levels. Personnel must understand their responsibilities and be trained on how to fulfill their roles.

3. Right Answer: C
Explanation: A risk register is more than a simple list; it should be used as a tool to ensure comprehensive documentation, periodic review and formal update of all risk elements in the enterprise's IT and related organization. Identifying risks and assigning roles and responsibilities for mitigation are elements of the register. Identifying threats and probabilities are two elements that are defined in the risk matrix, as differentiated from the broader scope of content in, and purpose for, the risk register. While the annualized loss expectancy (ALE) should be included in the register, this quantification is only a single element in the overall risk analysis program.

4. Right Answer: B
Explanation: When establishing an information security program, conducting a risk assessment is key to identifying the needs of the organization and developing a security strategy. Defining security metrics, performing a gap analysis and procuring security tools are all subsequent considerations.

5. Right Answer: A
Explanation: The main purpose of a BIA is to measure the downtime tolerance, associated resources and criticality of a business function. Options B, C and D are all associated with business continuity planning, but are not related to the BIA.
