exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 321 discussion

Actual exam question from Isaca's CISM
Question #: 321
Topic #: 1
[All CISM Questions]

Which of the following is the PRIMARY driver for determining the classification of application systems?

  • A. The cost of repairing damage to system elements
  • B. The extent that compromise can affect revenue
  • C. The cost to implement regulatory requirements
  • D. Controlling access based on the need to know
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
aokisan
Highly Voted 2 years ago
Selected Answer: B
this question is ambiguous. But classification should be judged by an influence.
upvoted 5 times
...
ServerBrain
Most Recent 2 months, 1 week ago
Selected Answer: B
B, the business impact
upvoted 1 times
...
oluchecpoint
1 year, 3 months ago
B. The extent that compromise can affect revenue. Classifying application systems is often based on the potential impact of a security breach or compromise. Assessing how a compromise could affect revenue, reputation, data integrity, and other critical business factors helps organizations prioritize their security efforts and allocate resources accordingly. While the other factors mentioned (cost of repairing damage, cost to implement regulatory requirements, and controlling access based on the need to know) are important considerations in information security, they are usually secondary to the primary goal of protecting the organization's revenue and core business functions.
upvoted 1 times
...
[Removed]
1 year, 4 months ago
According to the CISM Review Manual, 15th Edition: "Information security policies must address asset classification and handling, including the definition and relative hierarchy of classifications... Organizations should also implement procedures to address authorization based on a need-to-know/need-to-use basis, especially for highly sensitive data."
upvoted 2 times
[Removed]
1 year, 4 months ago
So D is the right answer
upvoted 1 times
...
...
wello
1 year, 6 months ago
Selected Answer: B
The extent that compromise can affect revenue
upvoted 2 times
...
richck102
1 year, 6 months ago
B. The extent that compromise can affect revenue
upvoted 2 times
...
sedardna
1 year, 7 months ago
Selected Answer: B
es loa mas razonable
upvoted 2 times
...
dedfef
1 year, 8 months ago
Selected Answer: B
obviously b
upvoted 2 times
...
jaiz
1 year, 9 months ago
Selected Answer: B
Agree with B
upvoted 2 times
...
kortcl
1 year, 9 months ago
To me, the answer should be B. Classifications shouldn't necessarily determine need to know access. But, classifying systems can show the extent that compromise could impact the company.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago