CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 65
1. It is MOST important for an information security manager to ensure that security risk assessments are performed:
A) consistently throughout the enterprise
B) during a root cause analysis
C) as part of the security business case
D) in response to the threat landscape
2. An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?
A) Perform a threat modeling exercise
B) Develop a risk profile
C) Design risk management processes
D) Select a governance framework
3. Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
A) Integrating the risk assessment into the internal audit program
B) Applying global security standards to the IT projects
C) Training project managers on risk assessment
D) Having the information security manager participate on the project setting committees
4. An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?
A) Conduct an evaluation of controls
B) Determine if the risk is within the risk appetite
C) Implement countermeasures to mitigate risk
D) Classify all identified risks
5. Which of the following would be the BEST indicator that an organization is appropriately managing risk?
A) The number of security incident events reported by staff has increased
B) Risk assessment results are within tolerance
C) A penetration test does not identify any high-risk system vulnerabilities
D) The number of events reported from the intrusion detection system has declined
A) consistently throughout the enterprise
B) during a root cause analysis
C) as part of the security business case
D) in response to the threat landscape
2. An information security manager has been asked to create a strategy to protect the organization's information from a variety of threat vectors. Which of the following should be done FIRST?
A) Perform a threat modeling exercise
B) Develop a risk profile
C) Design risk management processes
D) Select a governance framework
3. Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?
A) Integrating the risk assessment into the internal audit program
B) Applying global security standards to the IT projects
C) Training project managers on risk assessment
D) Having the information security manager participate on the project setting committees
4. An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?
A) Conduct an evaluation of controls
B) Determine if the risk is within the risk appetite
C) Implement countermeasures to mitigate risk
D) Classify all identified risks
5. Which of the following would be the BEST indicator that an organization is appropriately managing risk?
A) The number of security incident events reported by staff has increased
B) Risk assessment results are within tolerance
C) A penetration test does not identify any high-risk system vulnerabilities
D) The number of events reported from the intrusion detection system has declined
1. Right Answer: A
Explanation: -14
2. Right Answer: B
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: B
Explanation:
Explanation: -14
2. Right Answer: B
Explanation:
3. Right Answer: B
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: B
Explanation:
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment