Answers (Grade A+)
Security Review -
correct answer ✅Used to determine the current state of security
for various program components.
Impact Analysis -
correct answer ✅Determine potential impact in the event of the
loss of a resource
Threat Assessment -
correct answer ✅Evaluate the type, scope and nature of events or
actions that can result in adverse consequences; identification is
made of the threats that exist against enterprise assets.
FIRST step in effectively integrating risk management into business
processes? -
correct answer ✅Analyzing the workflow will be essential to
understanding process vulnerabilities and where risk may exist in
integrating risk management into business processes.
Change Management -
correct answer ✅Overall process to assess and control risk
scenarios introduced by changes.
Goal of Threat Analysis -
correct answer ✅Understand how the enterprise is positioned in
the threat landscape. Threat analysis also supports decisions to
prioritize control activities to mitigate the most critical risk. Threat
analysis is an important factor in calculating risk value.
Intrinsic Risk -
correct answer ✅Result of underlying internal and external factors
that are not readily subject to controls.
Systemic Risk -
correct answer ✅Collapse of an entire system as a result of the risk
imposed by system interdependencies.
Residual Risk -
correct answer ✅Risk to an enterprise as a result of its internal
and external operations. Risk remaining after controls are applied.
Operational Risk -
correct answer ✅Risk to an enterprise as a result of its internal and
external operations, such as denial of service.
Asset Valuation -
correct answer ✅Provides a cost representation of what the
enterprise stands to lose in the event of a major compromise.
Cross-Site Request Forgery Attack -
correct answer ✅XSRF exploits inadequate authentication
mechanisms in web applications that rely only on elements such as
cookies when performing a transaction. It is a type of website
attack in which unauthorized commands are transmitted from a
trusted user. Cross-site scripting attacks inject malformed input.
Security Gap Analysis -
correct answer ✅Process that measures all security controls in
place against control objectives, which will identify gaps.
Objective of a vulnerability assessment -
correct answer ✅A vulnerability assessment identifies
vulnerabilities so that they may be considered for mitigation. By
giving management a complete picture of the vulnerabilities that
exist, a vulnerability assessment program allows management to
prioritize those vulnerabilities deemed to pose the greatest risk.
Vulnerabilities -
correct answer ✅Vulnerabilities uncovered should be evaluated and
prioritized based on whether there is a credible threat, the impact
if the vulnerability is exploited, and the cost of mitigation. If there is
a potential threat but little or no impact if the vulnerability is
exploited, the risk is less and may not require controls to address it.
Gap Analysis -
correct answer ✅A gap analysis documents the tasks that must be
completed to move from the current state to the desired state, and
the level of effort may readily be determined. A gap analysis is
required for various components of the strategy previously
discussed, such as maturity levels, each control objective, and each
risk and impact objective.
At what point should a risk assessment of a new process occur to
determine appropriate controls? It should occur -
correct answer ✅throughout the entire life cycle of the process. A
risk assessment should be conducted throughout the entire life
cycle of a new or changed process. This allows an understanding of
how implementation of an early control will affect control needs
later.