CISM—Certified Information Security Manager - Part 68

Mary Smith

Thu, 16 Apr 2026

1. To effectively manage an organization's information security risk, it is MOST important to:

A) periodically identify and correct new systems vulnerabilities
B) assign risk management responsibility to end users
C) benchmark risk scenarios against peer organizations
D) establish and communicate risk tolerance



2. Which of the following is the BEST course of action for the information security manager when residual risk is above the acceptable level of risk?

A) Perform cost-benefit analysis
B) Recommend additional controls
C) Carry out risk assessment
D) Defer to business management



3. Which of the following is the BEST reason to initiate a reassessment of current risk?

A) Follow-up to an audit report
B) A recent security incident
C) Certification requirements
D) Changes to security personnel



4. Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

A) Evaluate whether an excessive level of control is being applied.
B) Ask senior management to increase the acceptable risk levels.
C) Implement more stringent countermeasures.
D) Ask senior management to lower the acceptable risk levels.



5. When selecting risk response options to manage risk, an information security manager's MAIN focus should be on reducing:

A) exposure to meet risk tolerance levels.
B) the likelihood of threat.
C) financial loss by transferring risk.
D) the number of security vulnerabilities.



1. Right Answer: A
Explanation:

2. Right Answer: B
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A
Explanation: