Isaca CISM Quiz 126 Topic 4 Questions 626-630

Question: 1

Following a risk assessment new countermeasures have been approved by management. Which of the following should be performed NEXT?

ASchedule the target end date for implementation activities.

BDevelop an implementation strategy

CCalculate the residual risk for each countermeasure

DBudget the total cost of implementation activities.

Show Answer

Question: 2

Organization XYZ. a lucrative, Internet-only business, recently suffered a power outage that lasted 2 hours. The organization s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:

Acreate an FT hot site with immediate fail-over capability.

Binstall an uninterruptible power supply (UPS) and generator.

Cplan to operate at a reduced capacity from the primary place of business.

Dset up a duplicate business center in a geographically separate area.

Show Answer

Question: 3

Internal audit has reported a number of information security issues which are not in compliance with regulatory requirements. What should the information security manager do FIRST?

ACreate a security exception

BPerform a vulnerability assessment

CAssess the risk to business operations

DPerform a gap analysis to determine needed resources.

Show Answer

Question: 4

Which of the following provides the BEST justification for an information security investment when creating a business case

AThe investment can be managed using the organisation's established system development life cycle.

BKey risk indicators (KRIs) are available to measure the effectiveness and efficiency of the investment

CThe annualized loss expectancy (ALE) is greater than the annual cost of the investment.

DThe investment reduces the protected asset s inherent risk below the asset s residual risk

Show Answer

Question: 5

The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

Akey performance indicators (KPIs).

Bcompliance with industry regulations.

Ctimeliness m responding to attacks.

Dlevel of support from senior management.

Show Answer

Isaca CISM Quiz:126 Topic:4 Questions:626-630