CISM: Risk Assessment And Analysis Methodologies
25 Questions

1. What is the most important factor when reviewing the migration of IT operations to an offshore location?
2. Which is the most important aspect of the effective risk management of IT activities?
3. The security manager has noted a security breach at another organization that has employed similar technology. What should be the next course of action for the security manager?
4. What is the objective of calculating Value at Risk?
5. What is the most important aspect to be included in a BYOD policy?
6. The security manager has observed that the organization is using FTP access, which can be exploited. Which of the following is used to determine the necessity for remedial action?
7. The most important element of a quantitative risk analysis is that the result does what?
8. The security manager has received a request from the IT function to not update the business impact analysis for a new application as there is no change in the business process. What should be the next course of action for the security manager?
9. A project for implementing new regulatory requirements should be primarily driven by which of the following?
10. What is the main objective of a network vulnerability assessment?
11. A security manager is conducting a qualitative risk analysis. What is the best way to get the most reliable result?
12. What is the risk register best used for?
13. When should a risk assessment for a project be performed?
14. Quantitative risk assessment is best used to assess which of the following?
15. The security manager has noted that there is a considerable delay between identifying a vulnerability and applying a patch. What should be the first course of action to address the risk during this period?
16. The security manager has noted that a new regulatory requirement applies to the organization. What should be the next course of action?
17. What is the main objective of conducting a risk assessment consistently?
18. As per good practices, when should a full risk reassessment be performed?
19. The security manager has received a request from a business unit to implement a new technology that is against the information security standards. What should be the next course of action for the information security manager?
20. What is the best way to treat vulnerabilities?
21. What is the main objective when using risk assessment techniques?
22. Which of the following is used to identify deficiencies in the system?
23. What should the security manager be most concerned about when evaluating a vulnerability scanning tool?
24. Which of the following components of a risk assessment will require the highest amount of speculation?
25. The security manager has noted that not all employees comply with the access control policy for the data center. To address this issue, the security manager should do what?