Exam CISM topic 1 question 250 discussion

Actual exam question from Isaca's CISM
Question #: 250
Topic #: 1

Following a significant change to the underlying code of an application, it is MOST important for the information security manager to:

  • A. inform senior management.
  • B. update the risk assessment.
  • C. validate the user acceptance testing (UAT).
  • D. modify key risk indicators (KRIs).
Suggested Answer: B

Comments

eparamo
Highly Voted 4 years ago
It should be “b”
upvoted 26 times
...
JoniM
Highly Voted 3 years, 4 months ago
"B" appears correct to me as opposed to "A". I'm getting less confident about Exam Topics quality assurance.
upvoted 17 times
...
Learner76
Most Recent 1 month ago
B - I don't see how this can be a D
upvoted 1 times
...
oluchecpoint
4 months, 1 week ago
B. update the risk assessment. Updating the risk assessment is crucial because it allows the organization to identify and evaluate any new security risks or vulnerabilities introduced by the code change. This ensures that the security posture of the application remains current and effective. While the other options are also important, such as informing senior management, validating UAT, and modifying key risk indicators, they should be considered as complementary actions rather than the most critical one in the context of security. Updating the risk assessment provides a foundation for making informed decisions regarding the other actions.
upvoted 2 times
...
wello
7 months, 1 week ago
Selected Answer: B
A significant change to the underlying code of an application can introduce new vulnerabilities, risks, and potential security issues. Therefore, it is crucial for the information security manager to update the risk assessment to reflect the changes and assess the impact on the overall security posture of the application.
upvoted 2 times
...
richck102
7 months, 1 week ago
B. update the risk assessment.
upvoted 1 times
...
dark_3k03r
10 months ago
Selected Answer: B
(A) This is only done after the risk assessment. (B) It's a risk assessment that needs to occur because risk is based on impact and probability, both of which are based on the attack surface, which of course is based on the functionality of the app. This is what has changed and needs to be reflected in the risk assessment. (C) Information security should be focused on UAT that's a developer role. (D) KRI probable but unlikely.
upvoted 4 times
...
baranikumar_v
1 year ago
B. Risk assessment as the underlying code has changed significantly.
upvoted 1 times
...
D2D2
1 year, 1 month ago
Selected Answer: B
Should be B
upvoted 3 times
...
neji
1 year, 11 months ago
Selected Answer: B
B is the right answer
upvoted 3 times
...
AnderV
2 years, 3 months ago
I think there's no better answer than A. INFOSEC manager don't update but perform risk assessment. I am not sure how risk assessment can be updated, it is the risk register that we need to update.
upvoted 1 times
...
Roy34
2 years, 8 months ago
update risk assessment due to changes
upvoted 1 times
...
Hannibal99
2 years, 9 months ago
Right answer: B. update the risk assessment
upvoted 2 times
...
AJ_123
3 years, 5 months ago
Agree B is the correct answer
upvoted 3 times
...
Ndy
3 years, 6 months ago
B is the answer
upvoted 4 times
...
matt6558
3 years, 6 months ago
should be b
upvoted 4 times
...