Isaca CISM Quiz 33 Topic 3 Questions 161-165

Question: 1

The PRIMARY reason for defining the information security roles and responsibilities of staff throughout an organization is to:

Acomply with security policy.

Bincrease corporate accountability.

Cenforce individual accountability.

Dreinforce the need for training.

Show Answer

Question: 2

Which of the following components of an information security risk assessment is MOST valuable to senior management?

AReturn on investment (ROI)

BMitigation actions

CResidual risk

DThreat profile

Show Answer

Question: 3

Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

AInconsistent device security

BConfiguration management

CMobile application control

DEnd user acceptance

Show Answer

Question: 4

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

Arelates the investment to the organization's strategic plan

Barticulates management's intent and information security directives in clear language.

Ctranslates information security policies and standards into business requirements.

Drealigns information security objectives to organizational strategy.

Show Answer

Question: 5

Which of the following metrics is the BEST measure of the effectiveness of an information security program?

AReduction in the cost of risk remediation for an organization

BReduction in the number of vulnerabilities in an organization

CReduction in the amount of risk exposure in an organization

DReduction in the number of threats to an organization

Show Answer

Isaca CISM Quiz:33 Topic:3 Questions:161-165