CISA—Certified Information Systems Auditor - Part 391

Mary Smith

Wed, 16 Jul 2025

1. Which of the following would provide the BEST justification for a new information security investment?

A) Defined key performance indicators (KPIs)
B) Projected reduction in risk
C) Results of a comprehensive threat analysis
D) Senior management involvement in project prioritization



2. Which of the following is MOST likely to prevent social engineering attacks?

A) Security awareness program
B) Employee background checks
C) Implementing positive identification policies
D) Enforcing stronger hiring policies



3. The recovery point objective (RPO) is required in which of the following?

A) Information security plan
B) Incident response plan
C) Disaster recovery plan
D) Business continuity plan



4. After assessing risk, the decision to treat the risk should be based PRIMARILY on:

A) whether the level of risk exceeds risk appetite
B) availability of financial resources
C) whether the level of risk exceeds inherent risk
D) the criticality of the risk



5. When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

A) Identify unacceptable risk levels
B) Manage the impact
C) Evaluate potential threats
D) Assess vulnerabilities



1. Right Answer: C
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: D
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: B
Explanation:
