Isaca CISM Quiz 11 Topic 5 Questions 51-55

Question: 1

When implementing a security policy for an organization handling personally identifiable information (PlI). the MOST important objective should be:

Adata availability.

Bsecurity awareness training.

Cstrong encryption.

Dregulatory compliance.

Show Answer

Question: 2

Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:

Athe magnitude of the impact, should a threat exploit a vulnerability.

Ba function of the cost and effectiveness of controls over a vulnerability.

Ca function of the likelihood and impact, should a threat exploit a vulnerability.

Dthe likelihood of a given threat attempting to exploit a vulnerability.

Show Answer

Question: 3

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?

AGap analysis results

BRisk assessment results

CRisk register

DHeat map

Show Answer

Question: 4

Which of the following is MOST important to the effectiveness of an information security program?

AAnnual audits of the program are conducted.

BUsers are trained on security policies and procedures.

CThe program is aligned to legal and regulatory requirements.

DThe program is aligned to a security control framework.

Show Answer

Question: 5

Using which of the following metrics will BEST help to determine the resiliency of IT infrastructure security controls?

ANumber of incidents resulting in disruptions

BNumber of successful disaster recovery tests

CFrequency of updates to system software

DPercentage of outstanding high-risk audit issues

Show Answer

Isaca CISM Quiz:11 Topic:5 Questions:51-55