CISM—Certified Information Security Manager - Part 40

Mary Smith

Sat, 21 Feb 2026

1. The value of information assets is BEST determined by:

A) individual business managers.
B) business systems analysts.
C) information security management.
D) industry averages benchmarking.



2. During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?

A) Feasibility
B) Design
C) Development
D) Testing



3. The MOST effective way to incorporate risk management practices into existing production systems is through:

A) policy development.
B) change management.
C) awareness training.
D) regular monitoring.



4. Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?

A) Gap analysis
B) Regression analysis
C) Risk analysis
D) Business impact analysis



5. The recovery time objective (RTO) is reached at which of the following milestones?

A) Disaster declaration
B) Recovery of the backups
C) Restoration of the system
D) Return to business as usual processing



1. Right Answer: A
Explanation: Individual business managers are in the best position to determine the value of information assets, since they are the most knowledgeable about the assets' impact on the business. Business systems analysts and information security management are not as knowledgeable about that business impact. Industry averages from peer companies do not necessarily provide detailed enough information, nor are they as relevant to the unique aspects of the business.

2. Right Answer: A
Explanation: Risk should be assessed as early in the development of a new application system as possible, which is the feasibility phase. Identified risks can often be mitigated through design changes; if the needed changes are not identified until design is already under way, they become more expensive to make. For this reason, beginning risk assessment during the design, development or testing phase is not the best choice.

3. Right Answer: B
Explanation: Change is a process in which new risks can be introduced into business processes and systems. For this reason, risk management should be an integral component of the change management process. Policy development, awareness training and regular monitoring, although all worthwhile activities, are not as effective as change management.

4. Right Answer: D
Explanation: Recovery time objectives (RTOs) are a primary deliverable of a business impact analysis (BIA). The BIA determines the impact on the business of a system not being available as the outage lengthens, and the RTO is the maximum tolerable downtime derived from that impact. A gap analysis is useful in addressing the differences between the current state and an ideal future state. Regression analysis is a statistical technique for modeling the relationship between variables and has no role in setting recovery targets. Risk analysis is a component of, not a substitute for, the business impact analysis.

5. Right Answer: C
Explanation: The recovery time objective (RTO) is based on the amount of time required to restore a system; disaster declaration occurs at the beginning of this period. Recovery of the backups occurs shortly after the beginning of this period. Return to business as usual processing occurs significantly later than the RTO. RTO is an 'objective,' and full restoration may or may not coincide with the RTO. RTO can be the minimum acceptable operational level, far short of normal operations.
