Exam CISM topic 1 question 940 discussion

Actual exam question from Isaca's CISM
Question #: 940
Topic #: 1

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation of a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

  • A. Deviation from risk management best practices
  • B. Impact on the risk culture
  • C. Inability to determine short-term impact
  • D. Impact on compliance risk
Suggested Answer: D 🗳️

Comments

Cyberbug2021
Highly Voted 9 months, 3 weeks ago
Selected Answer: D
Critical Monitoring process - Compliance Risk - such as SOX - it's a financial institute
upvoted 6 times
...
shootnot
Most Recent 4 months ago
D- is a guaranteed consequence. All other choices are possible consequences.
upvoted 1 times
...
POWNED
7 months, 2 weeks ago
Selected Answer: C
Temporary is the key word in the question. If C stated "Inability to determine impact" I would lean towards D. But since the wording in C aligns with the key wording in the question, the best answer for me is C.
upvoted 2 times
...
SHERLOCKAWS
9 months ago
Selected Answer: D
Based on experience, the GREATEST concern when modifying operational risk related controls would be the impact on compliance risk (which might or might not include the concern for short-term impact). Financial institutions are usually under strict compliance requirements, and that is a major issue to consider. In such environments the change management process is quite strict. Sorry, just thought to share my 2 cents of wisdom for those interested.
upvoted 2 times
...
Soleandheel
9 months, 3 weeks ago
B. Impact on the risk culture... As a security manager, this would be the greatest concern for me because this could set a tone in the organizational culture where risk is not properly evaluated and key stakeholders are ignored in the process. This would be a huge concern because it sets an unhealthy tone in the culture of the organization, which could lead to significant challenges for Information Security in the future.
upvoted 4 times
AlexJacobson
7 months, 2 weeks ago
What you just said has nothing to do with the culture, but more likely lack of proper risk management activities.
upvoted 1 times
...
...
richck102
10 months, 4 weeks ago
I still vote... B. Impact on the risk culture
upvoted 2 times
...
koala_lay
11 months ago
Selected Answer: C
C. Inability to determine short-term impact. The temporary deactivation of a critical monitoring process due to the acceptance of an operational risk poses a significant concern for the information security manager. In this case, the information security manager may be unable to determine the immediate impact of the situation. Monitoring processes play a crucial role in identifying and responding to security incidents, vulnerabilities, or abnormal activities in a timely manner. By temporarily deactivating a critical monitoring process, the organization may lose visibility into potential security threats, breaches, or risks. This lack of visibility can hinder the ability to detect and respond to security incidents promptly, potentially leading to prolonged security breaches or increased damages.
upvoted 3 times
...
wickhaarry
11 months, 2 weeks ago
D. Impact on compliance risk
upvoted 3 times
...
CISSPST
11 months, 3 weeks ago
Selected Answer: C
This is a matter of exception to policy/compliance, not culture. Policy exceptions need to be supported by details of impact and risk, both usually calculated annually, not short-term. The unavailability of info on the short-term impact is the greatest challenge in this case.
upvoted 1 times
...
Oscar_Law
1 year ago
Should be C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted