& Answers (Grade A+)
An information security manager performing a security review
determines that compliance with access control policies to the data
center is inconsistent across employees. The FIRST step to address
this issue should be to: -
correct answer ✅assess the risk of noncompliance.
The information security manager should treat regulatory
compliance requirements as: -
correct answer ✅just another risk.
Management decided that the organization will not achieve
compliance with a recently issued set of regulations. Which of the
following is the MOST likely reason for the decision? -
correct answer ✅the cost of compliance exceeds the cost of
possible sanctions.
The value of information assets is BEST determined by: -
correct answer ✅individual business managers
It is important to classify and determine relative sensitivity of assets
to ensure that: -
correct answer ✅countermeasures are proportional to risk.
When performing an information risk analysis, an information
security manager should FIRST: -
correct answer ✅take an asset inventory.
The PRIMARY benefit of performing an information asset
classification is to: -
correct answer ✅identify controls commensurate
to risk.
Which program element should be implemented FIRST in asset
classification and control? -
correct answer ✅valuation
When performing a risk assessment, the MOST important
consideration is that: -
correct answer ✅assets have been identified and appropriately
valued.
The MAIN reason why asset classification is important to a
successful information security program is because classification
determines: -
correct answer ✅the appropriate level of protection to the asset.
Who is responsible for ensuring that information is classified? -
correct answer ✅data owner
The PRIMARY reason for assigning classes of sensitivity and
criticality to information resources is to provide a basis for: -
correct answer ✅defining the level of access controls.
Which of the following would govern which information assets
need more protection than other information assets? -
correct answer ✅data classification
Which of the following is the MOST important to keep in mind
when assessing the value of information? -
correct answer ✅the potential financial loss
The information classification scheme should: -
correct answer ✅consider possible impact of a security breach.
After performing an asset classification, the information security
manager is BEST able to determine the: -
correct answer ✅impact of a compromise.