CISM: Implementing Risk Management
25 Questions

1. What is the most effective option for addressing the defined threat?
2. The information security manager has noted that due to slow biometric responses and a large number of employees, a substantial amount of time is wasted in gaining access to buildings. This has also increased instances of piggybacking. What should the security manager do?
3. The enterprise's current risk appetite can be best quantitatively indicated by which of the following?
4. When should a risk assessment be performed in an SDLC life cycle?
5. Risk acceptance is one of the components of which of the following?
6. What is the best way to address the excessive exposure of sensitive databases?
7. What is the most effective way to select a control when there is a budget constraint?
8. What is the SDLC phase in which risk assessment should first be conducted?
9. What is the prime objective of a cost-benefit analysis before a control is implemented?
10. What are the results of the risk management process used for?
11. Prioritization of risk is based on what?
12. In a BCP, prioritizing an action is primarily dependent on what?
13. An indemnification clause in a service agreement does what?
14. What is the prime objective of a gap analysis?
15. Which risk of a new application should be assessed first?
16. What is the best way to mitigate the liability risks that arise due to breaches in privacy laws?
17. What is the most effective way to determine the existing level of risk?
18. What is the best risk treatment method?
19. What is the best way to protect confidential information from insider threats?
20. What is the first course of action when integrating risk management practices into business processes?
21. What area is of most concern for a security manager concerning a homogeneous network?
22. What is the most effective risk treatment where the probability of the event occurring is very low but the impact can be very high?
23. What area is a major concern when arranging for disaster recovery in a reciprocal agreement?
24. What is the most likely reason for the security manager to not be concerned about an identified major threat?
25. An organization has two servers with similar content, but only one of them is hardened. What is the most plausible reason for this?