CISA—Certified Information Systems Auditor - Part 97

Mary Smith

Tue, 18 Nov 2025

1. Of the following, who should the security manager consult FIRST when determining the severity level of a security incident involving a third-party vendor?

A) IT process owners
B) Business partners
C) Risk manager
D) Business process owners



2. An external security audit has reported multiple instances of control noncompliance. Which of the following would be MOST important for the information security manager to communicate to senior management?

A) The impact of noncompliance on the organization's risk profile
B) An accountability report to initiate remediation activities
C) A plan for mitigating the risk due to noncompliance
D) Control owner responses based on a root cause analysis



3. Which of the following is the MOST important outcome of effective risk treatment?

A) Timely reporting of incidents
B) Elimination of risk
C) Implementation of corrective actions
D) Reduced cost of maintaining controls



4. To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

A) rely on senior management to enforce security
B) promote the relevance and contribution of security
C) reiterate the necessity of security
D) focus on compliance



5. When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:

A) affected stakeholders
B) availability of technical resources
C) incident response team
D) media coverage



1. Right Answer: B
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: C
Explanation:

4. Right Answer: B
Explanation:

5. Right Answer: C
Explanation:
