Exam CISM topic 1 question 1119 discussion

Actual exam question from Isaca's CISM
Question #: 1119
Topic #: 1

Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

  • A. Reviewing mitigating and compensating controls for each risk scenario
  • B. Mapping the risk scenarios by likelihood and impact on a chart
  • C. Performing a risk assessment on the IaaS provider
  • D. Mapping risk scenarios according to sensitivity of data
Suggested Answer: B

Comments

helg420
3 months, 3 weeks ago
Selected Answer: B
Mapping risk scenarios by their likelihood and impact provides a visual representation (heat map) that makes it easier to compare the range and severity of risks associated with each option. C addresses only half of the comparison.
upvoted 1 times
Y0GA
3 months, 4 weeks ago
Selected Answer: B
To add to the confusion, here is GPT4o and GPT4 explaining why it's not C: (1) Comparative Analysis: Mapping risk scenarios by likelihood and impact allows for a direct comparison between the risks associated with the IaaS provider and those of internal hosting. This visual comparison helps management understand the relative severity of different risks in both contexts. (2) Holistic View: A risk assessment on the IaaS provider (option C) focuses solely on the external provider's risks, without directly comparing them to internal risks. Option B, on the other hand, includes both internal and external risk scenarios on the same chart, offering a holistic view. (3) Decision-Making: Management can make more informed decisions when they see how risks compare in terms of both likelihood and impact. This approach supports strategic decision-making by clearly showing which environment (IaaS or internal) presents higher or lower risks. GPT3.5 said C. Anyone have any quotes from the ISACA book to determine if it's C or B?
upvoted 1 times
shootnot
3 months, 4 weeks ago
Selected Answer: B
Question is about the 'method' of comparing risk scenarios. C would only give risk but nothing to compare to decision making.
upvoted 2 times
ats20
6 months ago
Selected Answer: C
Risk assessment
upvoted 2 times