Isaca CISM Quiz 70 Topic 6 Questions 346-350

Question: 1

Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?

AAvailable annual budget

BRecovery time objective (RTO)

CCost-benefit analysis of mitigating controls

DMaximum tolerable outage (MTO)

Show Answer

Question: 2

Which of the following is MOST likely to be included in an enterprise security policy?

ARetention schedules

BOrganizational risk

CSystem access specifications

DDefinitions of responsibilities

Show Answer

Question: 3

Which of the following BEST indicates an effective vulnerability management program?

ASecurity incidents are reported in a timely manner.

BThreats are identified accurately.

CControls are managed proactively.

DRisks are managed within acceptable limits.

Show Answer

Question: 4

An information security manager is preparing incident response plans for an organization that processes personal and financial information. Which of the Following is the MOST important consideration?

AIdentifying regulatory requirements

BDetermining budgetary constraints.

CAligning with enterprise architecture (EA)

DAligning with an established industry framework

Show Answer

Question: 5

The PRIMARY purpose for defining key risk indicators (KRIs) for a security program is to:

Aensure mitigating controls meet specifications.

Bprovide information needed to take action.

Csupport investments in the security program.

Dcompare security program effectiveness to benchmarks.

Show Answer

Isaca CISM Quiz:70 Topic:6 Questions:346-350