
CISM—Certified Information Security Manager - Part 73

Mary Smith

Mon, 15 Sep 2025


1. Several significant risks have been identified after a centralized risk register was compiled and prioritized. The information security manager's most important action is to:

A) provide senior management with risk treatment options.
B) design and implement controls to reduce the risk.
C) consult external third parties on how to treat the risk.
D) ensure that employees are aware of the risk.



2. An organization's marketing department wants to use an online collaboration service which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

A) the information security manager.
B) business senior management.
C) the chief risk officer.
D) the compliance officer.



3. The risk of mishandling alerts identified by an intrusion detection system (IDS) would be the GREATEST when:

A) standard operating procedures are not formalized.
B) the IT infrastructure is diverse.
C) IDS sensors are misconfigured.
D) operations and monitoring are handled by different teams.



4. An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager's MOST important course of action should be to:

A) assess the risk and advise senior management.
B) identify and implement mitigating controls.
C) run the application system in offline mode.
D) perform a business impact analysis (BIA).



5. An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

A) Conduct a risk analysis
B) Escalate to the chief risk officer
C) Conduct a vulnerability analysis
D) Determine compensating controls



1. Right Answer: A
Explanation:

2. Right Answer: D
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A
Explanation:
