CISM domain 2 tests Q/A 100% Verified and Updated

CISM domain 2 tests Q/A 100% Verified and Updated An information security manager performing a security review determines that compliance with access control policies to the data center is inconsistent across employees. The FIRST step to address this issue should be to: - Answer️️ -assess the risk of noncompliance. The information security manager should treat regulatory compliance requirements as: - Answer️️ -just another risk. Management decided that the organization will not achieve compliance with a recently issued set of regulations. Which ofthe following is the MOST likely reason for the decision? - Answer️️ -the cost of compliance exceeds the cost of possible sanctions. The value of information assets is BEST determined by: - Answer️️ -individual business managers It is important to classify and determine relative sensitivity of assets to ensure that: - Answer️️ -countermeasures are proportional to risk. When performing an information risk analysis, an information security manager should FIRST: - Answer️️ -take an asset inventory. ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 2 The PRIMARY benefit of performing an information asset classification is to: - Answer️️ -identify controls commensurate (съизмерими) to risk. Which program element should be implemented FIRST in asset classification and control? - Answer️️ -valuation When performing a risk assessment, the MOST important consideration is that: - Answer️️ -assets have been identified and appropriately valued. The MAIN reason why asset classification is important to a successful information security program is because classification determines: - Answer️️ -the appropriate level of protection to the asset. Who is responsible for ensuring that information is classified? - Answer️️ -data owner The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for: - Answer️️ -defining the level of access controls. Which of the following would govern which information assets need more protection than other information assets? - Answer️️ -data classification ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 3 Which of the following is the MOST important to keep in mind when assessing the value of information? - Answer️️ -the potential financial loss The information classification scheme should: - Answer️️ -consider possible impact of a security breach. After performing an asset classification, the information security manager is BEST able to determine the: - Answer️️ -impact of a compromise. In controlling information leakage, management should FIRST establish: - Answer️️ -an information classification process. Which of the following BEST supports the principle of security proportionality? - Answer️️ -asset classification The value of tangible assets can be BEST determined by which of the following? - Answer️️ -the market value minus the book value Which of the following is MOST important to achieve proportionality in the protection of enterprise information systems? - Answer️️ -asset cl