CISM Test Bank Quiz With Complete Solution
The PRIMARY selection criterion for an offsite media storage facility is:
A. that the primary and offsite facilities not be subject to the same environmental disasters.
B. that the offsite storage facility be in close proximity to the primary site.
C. the overall storage and maintenance costs of the offsite facility.
D. the availability of cost-effective media transportation services.
Answer: A.
It is important to prevent a single disaster from affecting both sites. The distance between sites may be important in cases of widespread disasters; however, this is covered by choice A. Cost should not be the primary criterion for selection. A cost-effective media transport service may be a consideration, but it is not the main concern.
In which of the following areas are data owners PRIMARILY responsible for establishing risk mitigation?
A. Platform security
B. Entitlement changes
C. Intrusion detection
D. Antivirus controls
Answer: B.
Data owners are responsible for assigning user entitlements and approving access to the systems for which they are responsible. Platform security, intrusion detection and antivirus controls are all within the responsibility of the information security manager.
Which of the following is the BEST justification to convince management to invest in an information security program?
A. Cost reduction
B. Compliance with company policies
C. Protection of business assets
D. Increased business value
Answer: D.
Investing in an information security program should increase business value and confidence. Cost reduction by itself is rarely the motivator for implementing an information security program. Compliance is secondary to business value. Increasing business value may include protection of business assets.
To improve the security of an organization's human resources (HR) system, an information security manager was presented with a choice to either implement an additional packet filtering firewall OR a heuristics-based intrusion detection system (IDS). How should the security manager with a limited budget choose between the two technologies?
A. Risk analysis
B. Business impact analysis (BIA)
C. Return on investment (ROI) analysis
D. Cost-benefit analysis
Answer: D.
Cost-benefit analysis measures the cost of a safeguard versus the benefit it provides, and does include risk assessment. The cost of a control should not exceed the benefit to be derived from it. The degree of control employed is a matter of good business judgment. Risk analysis identifies the risk and appropriate mitigation strategies. A BIA identifies the impact from the loss of systems. ROI analysis compares the magnitude and timing of investment gains directly with the magnitude and timing of investment costs.