CISM Domain 2 Practice Questions and Answers (100% Pass)
Which of the following should a successful information security management program use to determine the amount of resources devoted to mitigating exposures?(*) - Answer✔️✔️-risk analysis result
In a Business Impact Analysis (BIA), the value of information system should be based on the overall: - Answer✔️✔️-opportunity cost
Risk acceptance is a component of which of the following? - Answer✔️✔️-risk mitigation
Which of the following risk scenarios would BEST be assessed using qualitative risk assessment techniques? - Answer✔️✔️-permanent decline in customer confidence
Which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations? - Answer✔️✔️-change management procedures are poor.
Which of the following is the PRIMARY reason for implementing a risk management program? A risk management program:(*) - Answer✔️✔️-is a necessary part of management's due diligence
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10:57 AM
Which of the following is the MOST usable deliverable of an information security risk analysis? - Answer✔️✔️-list of action items to mitigate risk
Information security managers should use risk assessment techniques to: - Answer✔️✔️-justify selection of risk mitigation strategies
Which of the following is MOST essential when assessing risk?(*) - Answer✔️✔️-considering both monetary value and likelihood of loss
The PRIMARY goal of a corporate risk management program is to ensure that an organization's: - Answer✔️✔️-stated objectives are achieved
What is the PRIMARY objective of a risk management program? - Answer✔️✔️-achieve acceptable risk
What is the PRIMARY benefit of performing an information asset classification?(*) - Answer✔️✔️-it identifies controls commensurate with impact
Which of the following is MOST essential for a risk management program to be effective?(*) - Answer✔️✔️-detection of new risk
Which of the following steps in conducting a risk assessment should be performed FIRST?(*) - Answer✔️✔️-identify business assets
In conducting an initial technical vulnerability assessment, which of the following choices should receive top priority?(*) - Answer✔️✔️-systems covered by business interruption insurance
What is the PRIMARY purpose of using risk analysis within a security program? - Answer✔️✔️-the risk analysis helps assess exposures and plan remediation
What mechanism should be used to identify deficiencies that would provide attackers with an opportunity to compromise a computer system?(*) - Answer✔️✔️-security gap analysis
Which of the following would BEST address the risk of data leakage? - Answer✔️✔️-acceptable use policies
A company recently developed a breakthrough technology. Because this technology could give this company a significant competitive edge, which of the following would FIRST govern how this information is to be protected? - Answer✔️✔️-data classification policy
Which of the following is the BEST basis for determining the criticality and sensitivity of information assets? - Answer✔️✔️-an impact assessment
Which program element should be implemented FIRST in asset classification and control?(*) - Answer✔️✔️-valuation