Isaca CISM Quiz 26 Topic 3 Questions 126-130

Question: 1

An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:

Are-evaluate the risk appetite.

Bmeet information security compliance requirements.

Censure appropriate information security governance.

Dquantify reputational risks

Show Answer

Question: 2

The PRIMARY objective of a risk response strategy should be:

Aappropriate control selection.

Bsenior management buy-in

Cregulatory compliance.

Dthreat reduction.

Show Answer

Question: 3

Which of the following is the MOST effective way to protect the authenticity of data in transit?

AHash value

BPublic key

CDigital signature

DPrivate key

Show Answer

Question: 4

An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?

AInitiating a cost-benefit analysis of the implemented controls

BReviewing the risk register

CPerforming a risk assessment

DConducting a business impact analysis (BIA)

Show Answer

Question: 5

Application data integrity risk is MOST directly addressed by a design that includes:

Aapplication log requirements such as field-level audit trails and user activity logs.

Bstrict application of an authorized data dictionary.

Caccess control technologies such as role-based entitlements.

Dreconciliation routines such as checksums, hash totals, and record counts.

Show Answer

Isaca CISM Quiz:26 Topic:3 Questions:126-130