
CISM—Certified Information Security Manager - Part 229

Mary Smith

Wed, 09 Jul 2025

1. Which of the following is MOST important to evaluate after completing a risk action plan?

A) Threat profile
B) Inherent risk
C) Residual risk
D) Vulnerability landscape



2. Which of the following would BEST enable an organization to effectively monitor the implementation of standardized configurations?

A) Implement a separate change tracking system to record changes to configurations.
B) Perform periodic audits to detect non-compliant configurations.
C) Develop policies requiring use of the established benchmarks.
D) Implement automated scanning against the established benchmarks.



3. The PRIMARY benefit of integrating information security risk into enterprise risk management is to:

A) ensure timely risk mitigation.
B) justify the information security budget.
C) obtain senior management's commitment.
D) provide a holistic view of risk.



4. Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

A) Develop a security policy.
B) Develop a budget.
C) Perform a gap analysis.
D) Form a steering committee.



5. Management is questioning the need for several items in the information security budget proposal. Which of the following would have been MOST helpful prior to budget submission?

A) Benchmarking information security efforts of industry competitors
B) Obtaining better pricing from information security service vendors
C) Presenting a report of current threats to the organization
D) Educating management on information security best practices



1. Right Answer: C
Explanation: Residual risk is the risk that remains once the treatment in the action plan has been applied. Evaluating it after completion confirms whether the plan actually brought the risk within the organization's risk appetite or whether further treatment is needed. The threat profile, inherent risk and vulnerability landscape are inputs to the assessment that precedes the plan, not the measure of its result.

2. Right Answer: D
Explanation: Automated scanning against the established benchmarks compares the live state of every system with the standard continuously and at scale, so configuration drift is detected soon after it occurs. Periodic audits only find non-compliance that happens to persist until the next audit cycle, and policies or a change tracking system describe what should happen without verifying what actually did.
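The mechanism behind answer D, as an added example that is not part of the original page: a small automated compliance scan of an OpenSSH server configuration against a hypothetical hardening benchmark. The benchmark values, the `Finding` type and the sample sshd_config are all constructed for illustration and are not quoted from CIS or any other published benchmark. The scan also covers the case a manual audit most easily misses: a directive that is simply absent and therefore silently inherits the daemon default.

```python
"""Added example, not part of the original page: a minimal automated
compliance scan of an OpenSSH server configuration against a small
HYPOTHETICAL hardening benchmark. Benchmark values and the sample
sshd_config are constructed for illustration, not quoted from CIS or
any other published benchmark."""

from dataclasses import dataclass

# Hypothetical benchmark: directive -> (required value, sshd default when the
# directive is absent). Defaults matter: a missing directive silently takes
# the daemon default, which may itself be non-compliant.
BENCHMARK = {
    "PermitRootLogin": ("no", "prohibit-password"),
    "PasswordAuthentication": ("no", "yes"),
    "X11Forwarding": ("no", "no"),
    "MaxAuthTries": ("4", "6"),
    "PermitEmptyPasswords": ("no", "no"),
}


@dataclass
class Finding:
    directive: str
    expected: str
    actual: str
    source: str  # "config" if set explicitly, "default" if inherited


def parse_sshd_config(text: str) -> dict:
    """Return the effective global directives of an sshd_config.

    Mirrors sshd's own rules: keywords are case-insensitive, the FIRST
    occurrence of a keyword wins, '#' starts a comment, and everything from
    the first 'Match' block onward is conditional and ignored here.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # sshd accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def scan(config_text: str, benchmark: dict = BENCHMARK) -> list:
    """Compare effective settings with the benchmark; return non-compliant items."""
    effective = parse_sshd_config(config_text)
    findings = []
    for directive, (expected, default) in benchmark.items():
        key = directive.lower()
        if key in effective:
            actual, source = effective[key], "config"
        else:
            actual, source = default, "default"
        if actual.lower() != expected.lower():
            findings.append(Finding(directive, expected, actual, source))
    return findings


# Constructed sample: PermitRootLogin is missing (inherits a non-compliant
# default); PasswordAuthentication and MaxAuthTries have drifted from the standard.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
# re-enabled during troubleshooting and never reverted
PasswordAuthentication yes
MaxAuthTries 10
X11Forwarding no
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SSHD_CONFIG):
        print(f"NON-COMPLIANT {f.directive}: expected {f.expected}, "
              f"got {f.actual} (from {f.source})")
```

Run on the constructed sample, the scan reports three findings: PermitRootLogin (non-compliant by inherited default), PasswordAuthentication and MaxAuthTries (explicit drift). Scheduling a scan like this across the fleet is what turns a benchmark into something that is monitored rather than merely mandated; in practice the same comparison is done by tools such as OpenSCAP or CIS-CAT against published benchmark content.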

3. Right Answer: D
Explanation: Bringing information security risk into enterprise risk management lets senior management see security risk alongside financial, operational and other enterprise risks in one consistent view, so it can be prioritized and treated in the context of the business as a whole. Stronger management commitment, an easier-to-justify budget and more timely mitigation may follow, but they are consequences of that holistic view rather than the primary benefit.

4. Right Answer: A
Explanation: Policies are the means of translating an approved strategy into mandatory requirements for the organization, so developing them is the next step once the strategy is approved. The gap analysis between the current and desired state is performed while the strategy itself is being developed, the budget follows from the policies and the roadmap that implements them, and a steering committee is a governance structure that would normally already exist to review and endorse the strategy.

5. Right Answer: C
Explanation: A report of current threats to the organization ties each budget item to a risk the business actually faces, giving management the context to understand why the item is needed before they see the numbers. Benchmarking against competitors, negotiating better vendor pricing and general education on best practices do not explain why these specific controls are required by this organization.
