CISM 試験問題を無料オンラインアクセス

Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?

• A.Regulatory requirements
• B.Vulnerability assessment
• C.Enterprise goals
• D.Industry best practices

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (laaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

• A.Mapping risk scenarios according to sensitivity of data
• B.Performing a risk assessment on the laaS provider
• C.Mapping the risk scenarios by likelihood and impact on a chart
• D.Reviewing mitigating and compensating controls for each risk scenario

Which of the following defines the MOST comprehensive set of security requirements for a newly developed information system?

• A.Baseline controls
• B.Risk assessment results
• C.Audit findings
• D.Key risk indicators (KRIs)

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

• A.Impact on compliance risk.
• B.Deviation from risk management best practices
• C.Impact on the risk culture.
• D.Inability to determine short-term impact.

Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?

• A.Third-party security control self-assessment (CSA) results
• B.Alive demonstration of the third-party supplier's security capabilities
• C.An independent review report indicating compliance with industry standards
• D.The ability to i third-party supplier's IT systems and processes