1. A successful risk management program should lead to:
A) optimization of risk reduction efforts against cost.
B) containment of losses to an annual budgeted amount.
C) identification and removal of all man-made threats.
D) elimination or transference of all organizational risks.
2. Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
A) Customer data stolen
B) An electrical power outage
C) A web site defaced by hackers
D) Loss of the software development team
3. The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:
A) hourly billing rate charged by the carrier.
B) value of the data transmitted over the network.
C) aggregate compensation of all affected business users.
D) financial losses incurred by affected business units.
4. Which of the following is the MOST usable deliverable of an information security risk analysis?
A) Business impact analysis (BIA) report
B) List of action items to mitigate risk
C) Assignment of risks to process owners
D) Quantification of organizational risk
5. Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?
A) Tree diagrams
B) Venn diagrams
C) Heat charts
D) Bar charts
1. Right Answer: A Explanation: Successful risk management should lead to a breakeven point of risk reduction and cost. The other options listed are not achievable. Threats cannot be totally removed or transferred, while losses cannot be budgeted in advance with absolute certainty.
2. Right Answer: B Explanation: The effect of the theft of customer data or web site defacement by hackers could lead to a permanent decline in customer confidence, which does not lend itself to measurement by quantitative techniques. Loss of a majority of the software development team could have similar unpredictable repercussions. However, the loss of electrical power for a short duration is more easily measurable and can be quantified into monetary amounts that can be assessed with quantitative techniques.
3. Right Answer: D Explanation: The bottom line on calculating the impact of a loss is what its cost will be to the organization. The other choices are all factors that contribute to the overall monetary impact.
4. Right Answer: B Explanation: Although all of these are important, the list of action items is used to reduce or transfer the current level of risk. The other options materially contribute to the way the actions are implemented.
5. Right Answer: C Explanation: Heat charts, sometimes referred to as stoplight charts, quickly and clearly show the current status of remediation efforts. Venn diagrams show the connection between sets; tree diagrams are useful for decision analysis; and bar charts show relative size.