
CISM—Certified Information Security Manager - Part 42

Mary Smith

Sun, 19 Apr 2026

1. The MOST important function of a risk management program is to:

A) quantify overall risk.
B) minimize residual risk.
C) eliminate inherent risk.
D) maximize the sum of all annualized loss expectancies (ALEs).



2. Which of the following risks would BEST be assessed using qualitative risk assessment techniques?

A) Theft of purchased software
B) Power outage lasting 24 hours
C) Permanent decline in customer confidence
D) Temporary loss of e-mail due to a virus attack



3. Which of the following will BEST prevent external security attacks?

A) Static IP addressing
B) Network address translation
C) Background checks for temporary employees
D) Securing and analyzing system access logs



4. In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:

A) original cost to acquire.
B) cost of the software stored.
C) annualized loss expectancy (ALE).
D) cost to obtain a replacement.



5. A business impact analysis (BIA) is the BEST tool for calculating:

A) total cost of ownership.
B) priority of restoration.
C) annualized loss expectancy (ALE).
D) residual risk.



1. Right Answer: B
Explanation: A risk management program should minimize the amount of risk that cannot be otherwise eliminated or transferred; this is the residual risk to the organization. Quantifying overall risk is important but not as critical as the end result. Eliminating inherent risk is virtually impossible. Maximizing the sum of all ALEs is actually the opposite of what is desirable.

2. Right Answer: C
Explanation: A permanent decline in customer confidence does not lend itself well to measurement by quantitative techniques. Qualitative techniques are more effective in evaluating things such as customer loyalty and goodwill. Theft of software, power outages and temporary loss of e-mail can more easily be quantified into monetary amounts and are therefore better assessed with quantitative techniques.

3. Right Answer: B
Explanation: Network address translation is helpful because internal addresses are nonroutable from outside. Background checks of temporary employees are more likely to prevent an attack launched from within the enterprise. Static IP addressing does little to prevent an attack. Securing and analyzing system access logs does not help in preventing an attack.

4. Right Answer: D
Explanation: The value of the server should be based on its cost of replacement. The original cost may be significantly different from the current cost and, therefore, not as relevant. The value of the software is not at issue because it can be restored from backup media. The ALE for all risks related to the server does not represent the server's value.

5. Right Answer: B
Explanation: A business impact analysis (BIA) is the best tool for calculating the priority of restoration for applications. It is not used to determine total cost of ownership, annualized loss expectancy (ALE) or residual risk to the organization.
