Isaca CISM Quiz 16 Topic 4 Questions 76-80

Question: 1

Which of the following is the BEST way to evaluate the impact of threat events on an organization's IT operations?

AControls review

BPenetration testing

CRisk assessment

DScenario analysis

Show Answer

Question: 2

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

AThe ability to audit the third-party supplier's IT systems and processes

BAn independent review report indicating compliance with industry standards

CThird-party security control self-assessment results

DAlive demonstration of the third-party supplier's security capabilities

Show Answer

Question: 3

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

AEmerging security technologies

BRisk profile changes

CDefined risk appetite

DVulnerability scanning progress

Show Answer

Question: 4

Which of the following is the MAIN objective of a risk management program?

AReduce costs associated with incident response.

BReduce risk to the maximum extent possible.

CReduce risk to the level of the organization's risk appetite.

DReduce corporate liability for information security incidents.

Show Answer

Question: 5

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?

AUpdate the information security policy.

BConduct a cost-benefit analysis.

CConsult corporate legal counsel.

DPerform a gap analysis.

Show Answer

Isaca CISM Quiz:16 Topic:4 Questions:76-80