CISM: Risk Monitoring And Communication
25 Questions

1. How should legal and regulatory requirements be considered?
2. What is the area of most concern for a security manager reviewing parameters for the acquisition of a new system?
3. What is the most effective way to address an insider security threat?
4. What is the primary objective of periodic analysis of the gap between controls and control objectives?
5. When should residual risk be determined?
6. What is the best way to understand the evolving nature of attacks?
7. An organization uses electronic swipe cards for physical access. The security manager has requested access to physical access data. What is the primary cause for asking for this data?
8. Which of the following vulnerabilities allows attackers access to data through a web application?
9. What is the best metric to determine the effectiveness of a control monitoring program?
10. What is an area of major concern for the use of cloud services?
11. An organization decides not to comply with a recent set of regulations. What is the most likely reason for this decision?
12. The security policy of an organization mandates the encryption of data that is sent to external parties. However, a regulatory body insists that unencrypted data be shared with it. What should the security manager do?
13. The risk of disruption due to distributed denial of service (DDoS) is regarded as what?
14. The security manager has been advised by an enforcement agency that their organization is the target of a group of hackers. What should be the first step for the security manager?
15. The effectiveness of a risk assessment can be best measured by what?
16. The best way to identify a new threat is to first do what?
17. What is an area of major concern for the use of mobile devices?
18. The continuous monitoring tool has flagged a non-compliance. What should be the first course of action by the security manager?
19. What are the results of risk analysis best used for?
20. The security manager noted an incident though none of the controls failed. What is the most likely cause of failure?
21. The security manager noted exceptions with a set of standards that result in significant risk. What should be the first course of action for the security manager?
22. What is the most important reason to include potential impact in a risk analysis?
23. What is the primary objective of a risk management program?
24. The security manager received a request to approve an exception to security standards for a proposed system change. What should be the best course of action for the security manager?
25. The security manager received a request to approve an exception to the security standard for a proposed system change. What should be the first course of action for the security manager?