exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 550 discussion

Actual exam question from Isaca's CISM
Question #: 550
Topic #: 1
[All CISM Questions]

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?

  • A. Gap analysis results
  • B. Risk register
  • C. Heat map
  • D. Risk assessment results
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
D2D2
Highly Voted 2 years, 3 months ago
Selected Answer: B
Comprehensive information = Risk register. RR is narrative of the current risk profile.
upvoted 9 times
Ziggybooboo
2 years, 3 months ago
Agreed
upvoted 2 times
...
...
ATT5832
Most Recent 4 months ago
Selected Answer: B
Answer B) The risk assessment feeds into the risk register.
upvoted 1 times
...
Booict
6 months, 3 weeks ago
Selected Answer: D
D - Risk assessments involve a detailed analysis and evaluation of risks, including their likelihood and impact, and often include the results of various risk identification and analysis techniques.
upvoted 1 times
...
Salilgen
1 year ago
Selected Answer: B
The risk register also contains information on accepted risks. This information help to define the risk profile. They are not available through a risk assessment
upvoted 1 times
...
oluchecpoint
1 year, 1 month ago
Selected Answer: B
Option B
upvoted 1 times
...
POWNED
1 year, 1 month ago
Selected Answer: D
Comprehensive= risk assessment • Risk Assessment - Identify, Analyze, evaluate effectiveness of implemented controls - Most comprehensive set of security requirements - Internal and external factors (threats, likelihood, vulnerabilities, exposure, and impact)
upvoted 3 times
...
koala_lay
1 year, 6 months ago
Selected Answer: B
The most comprehensive information related to an organization's current risk profile is the risk register. A risk register is a document or database that contains a comprehensive list of identified risks, along with information about their likelihood, potential impact, and mitigations. It provides a centralized source of information about the organization's risks, allowing for a systematic approach to risk management. It helps in understanding the nature and extent of the risks, facilitating effective decision-making and prioritization of risk mitigation strategies. While other options like gap analysis results, heat maps, and risk assessment results are useful for understanding specific aspects of an organization's risk profile, the risk register offers a more holistic view by capturing and organizing all relevant information about the identified risks.
upvoted 1 times
...
oluchecpoint
1 year, 6 months ago
Selected Answer: D
D. Risk assessment results The risk assessment results provide the most comprehensive information related to an organization's current risk profile. A risk assessment typically involves a systematic evaluation of potential risks, their likelihood, impact, and any existing controls or mitigation measures. This assessment provides a detailed and holistic view of an organization's risk landscape, including the identification of specific risks, their severity, and the effectiveness of existing control
upvoted 2 times
oluchecpoint
1 year, 1 month ago
Option B is the correct answer
upvoted 1 times
...
...
richck102
1 year, 8 months ago
B. Risk register
upvoted 1 times
...
karanvp
1 year, 8 months ago
Selected Answer: D
Comprehensive; hence Risk Assessment results
upvoted 1 times
...
wello
1 year, 9 months ago
Selected Answer: D
A risk assessment is a systematic process of identifying, analyzing, and evaluating risks within an organization. It involves assessing the likelihood and impact of risks, considering existing controls and vulnerabilities, and determining the overall risk level. The results of a risk assessment provide a comprehensive understanding of the organization's risk landscape, including the identified risks, their potential impact, likelihood, and prioritization. This information helps inform decision-making, risk mitigation strategies, and the development of appropriate controls. On the other hand, a risk register is a tool or document that captures and tracks identified risks, along with their characteristics and status. It serves as a repository of risk-related information but may not provide the same level of comprehensive analysis and evaluation as a risk assessment. Therefore, in terms of providing comprehensive information about an organization's risk profile, the risk assessment results are typically more comprehensive than a risk register.
upvoted 3 times
AaronS1990
1 year, 6 months ago
Cheers for the classic, misleading , two pages of shit from ChatGPT. Oh and you're wrong. It's B
upvoted 1 times
...
...
Dravidian
1 year, 10 months ago
Selected Answer: B
Key pointer in the question being "comprehensive" Risk register is much more detailed than an assessment report which is a summary.
upvoted 3 times
...
meelaan
1 year, 11 months ago
Selected Answer: D
Risk register would be elaborative....and to comprihand it we should assess the risk register...so D
upvoted 1 times
...
CarlPTY07
2 years ago
Selected Answer: B
The risk register, sometimes known as a risk ledger, is the primary business record in most risk management programs. A risk register is a listing of risks that have been identified. Typically, a risk register contains many items, including a description of the risk, the level and type of risk, and information about risk treatment decisions. Gregory, Peter H.; Gregory, Peter H.. CISM Certified Information Security Manager Bundle (p. 187). McGraw Hill LLC. Kindle Edition.
upvoted 1 times
...
bambs
2 years, 1 month ago
Selected Answer: D
A comprehensive risk assessment result provides the most comprehensive information related to an organization's current risk profile and is an essential tool for ensuring that the organization is prepared to manage and mitigate risks effectively.
upvoted 1 times
...
bambs
2 years, 1 month ago
Selected Answer: D
A comprehensive risk assessment result provides the most comprehensive information related to an organization's current risk profile and is an essential tool for ensuring that the organization is prepared to manage and mitigate risks effectively.
upvoted 1 times
...
Broesweelies
2 years, 1 month ago
Selected Answer: B
B. Risk register provides the most comprehensive information related to an organization's current risk profile. A risk register is a document or database that captures and tracks identified risks, their likelihood and impact, the existing controls in place to mitigate them, and the actions that are planned or in progress to address them. It provides a clear overview of all the risks that an organization is currently facing and helps to prioritize risk management efforts.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago