1. When developing an information security governance framework, which of the following would be the MAIN impact when lacking senior management involvement?
A) Accountability for risk treatment is not clearly defined.
B) Information security responsibilities are not communicated effectively.
C) Resource requirements are not adequately considered.
D) Information security plans do not support business requirements.
2. Which of the following is the BEST way to facilitate the alignment between an organization's information security program and business objectives?
A) Information security is considered at the feasibility stage of all IT projects.
B) The information security governance committee includes representation from key business areas.
C) The chief executive officer reviews and approves the information security program.
D) The information security program is audited by the internal audit department.
3. The effectiveness of the information security process is reduced when an outsourcing organization:
A) is responsible for information security governance activities
B) receives additional revenue when security service levels are met
C) incurs penalties for failure to meet security service-level agreements
D) standardizes on a single access-control software product
4. What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?
A) Perform a gap analysis
B) Complete a control assessment
C) Submit a business case to support compliance
D) Update the risk register
5. Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?
A) Create a security exception
B) Perform a vulnerability assessment
C) Perform a gap analysis to determine needed resources
D) Assess the risk to business operations