Isaca CISM Quiz 23 Topic 4 Questions 111-115

Question: 1

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

ASystem administrator

BAccess manager

CBusiness owner

DIT director

Show Answer

Question: 2

Which of the following information BEST supports risk management decision making?

AAverage cost of risk events

BResults of a vulnerability assessment

CEstimated savings resulting from reduced risk exposure

DQuantification of threats through threat modeling

Show Answer

Question: 3

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?

AValidate the effectiveness of implemented security controls.

BTrack the trending of information security incidents.

CReview the results of information security awareness testing.

DBenchmark the information security policy against industry standards.

Show Answer

Question: 4

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

AMonitor the effectiveness of controls.

BReview the risk probability and impact.

CReview the inherent risk level.

DUpdate the risk assessment framework.

Show Answer

Question: 5

What is the PRIMARY responsibility of the security steering committee?

ASet direction and monitor performance.

BDevelop information security policy.

CProvide information security training to employees.

DImplement information security control.

Show Answer

Isaca CISM Quiz:23 Topic:4 Questions:111-115