
CISM—Certified Information Security Manager - Part 41

Mary Smith

Sat, 21 Feb 2026

1. Which of the following results from the risk assessment process would BEST assist risk management decision making?

A) Control risk
B) Inherent risk
C) Risk exposure
D) Residual risk
2. The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?

A) Mitigating controls
B) Visibility of impact
C) Likelihood of occurrence
D) Incident frequency
3. Risk acceptance is a component of which of the following?

A) Assessment
B) Mitigation
C) Evaluation
D) Monitoring
4. Risk management programs are designed to reduce risk to:

A) a level that is too small to be measurable.
B) the point at which the benefit exceeds the expense.
C) a level that the organization is willing to accept.
D) a rate of return that equals the current cost of capital.
5. A risk assessment should be conducted:

A) once a year for each business process and subprocess.
B) every three to six months for critical business processes.
C) by external parties to maintain objectivity.
D) annually or whenever there is a significant change.
1. Right Answer: D
Explanation: Residual risk provides management with sufficient information to decide on the level of risk that an organization is willing to accept. Control risk is the risk that a control may not succeed in preventing an undesirable event. Risk exposure is the likelihood of an undesirable event occurring. Inherent risk is an important factor to be considered during the risk assessment.

2. Right Answer: B
Explanation: Visibility of impact is the best measure since it manages risks to an organization in the timeliest manner. Likelihood of occurrence and incident frequency are not as relevant. Mitigating controls is not a determining factor on incident reporting.

3. Right Answer: B
Explanation: Risk acceptance is one of the alternatives to be considered in the risk mitigation process. Assessment and evaluation are components of the risk analysis process. Risk acceptance is not a component of monitoring.

4. Right Answer: C
Explanation: Risk should be reduced to a level that an organization is willing to accept. Reducing risk to a level too small to measure is impractical and is often cost-prohibitive. Tying risk to a specific rate of return ignores the qualitative aspects of risk that must also be considered. Depending on the risk preference of an organization, it may or may not choose to pursue risk mitigation to the point at which the benefit equals or exceeds the expense. Therefore, choice C is the more precise answer.

5. Right Answer: D
Explanation: Risks are constantly changing. Choice D offers the best alternative because it takes into consideration a reasonable time frame and allows flexibility to address significant change. Conducting a risk assessment once a year is insufficient if important changes take place. Conducting a risk assessment every three-to-six months for critical processes may not be necessary, or it may not address important changes in a timely manner. It is not necessary for assessments to be performed by external parties.
