Download Financial.CISM.PracticeTest.2018-08-01.393q.tqb


File Info

Exam: Certified Information Security Manager
Number: CISM
File Name: Financial.CISM.PracticeTest.2018-08-01.393q.tqb
Size: 2 MB
Posted: Aug 01, 2018

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

Which of the following results from the risk assessment process would BEST assist risk management decision making?


  A. Control risk
  B. Inherent risk
  C. Risk exposure
  D. Residual risk
Correct answer: D
Explanation:
Residual risk provides management with sufficient information to decide on the level of risk that an organization is willing to accept. Control risk is the risk that a control may not succeed in preventing an undesirable event. Risk exposure is the likelihood of an undesirable event occurring. Inherent risk is an important factor to be considered during the risk assessment.



Question 2

The decision on whether new risks should fall under periodic or event-driven reporting should be based on which of the following?


  A. Mitigating controls
  B. Visibility of impact
  C. Likelihood of occurrence
  D. Incident frequency
Correct answer: B
Explanation:
Visibility of impact is the best measure since it manages risks to an organization in the timeliest manner. Likelihood of occurrence and incident frequency are not as relevant. Mitigating controls is not a determining factor on incident reporting.



Question 3

Risk acceptance is a component of which of the following?


  A. Assessment
  B. Mitigation
  C. Evaluation
  D. Monitoring
Correct answer: B
Explanation:
Risk acceptance is one of the alternatives to be considered in the risk mitigation process. Assessment and evaluation are components of the risk analysis process. Risk acceptance is not a component of monitoring.
