CISM Domain 2 Exam Questions with Correct Answers
Which of the following should a successful information security management program use to determine the amount of resources devoted to mitigating exposures? (*) - Answer-risk analysis result

In a Business Impact Analysis (BIA), the value of information system should be based on the overall: - Answer-opportunity cost

Risk acceptance is a component of which of the following? - Answer-risk mitigation

Which of the following risk scenarios would BEST be assessed using qualitative risk assessment techniques? - Answer-permanent decline in customer confidence

Which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations? - Answer-change management procedures are poor.

Which of the following is the PRIMARY reason for implementing a risk management program? A risk management program: (*) - Answer-is a necessary part of management's due diligence

Which of the following is the MOST usable deliverable of an information security risk analysis? - Answer-list of action items to mitigate risk

Information security managers should use risk assessment techniques to: - Answer-justify selection of risk mitigation strategies

Which of the following is MOST essential when assessing risk? (*) - Answer-considering both monetary value and likelihood of loss

The PRIMARY goal of a corporate risk management program is to ensure that an organization's: - Answer-stated objectives are achieved

What is the PRIMARY objective of a risk management program? - Answer-achieve acceptable risk

Written for
- Institution: CISM Domain 2
- Course: CISM Domain 2

Document information
- Uploaded on: October 6, 2023
- Number of pages: 9
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers

Subjects
- cism domain 2
- cism domain 2 exam questions
- cism domain 2 exam questions with correct answers