Exam CISM topic 1 question 111 discussion

Actual exam question from Isaca's CISM
Question #: 111
Topic #: 1

Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

  • A. Update the risk assessment framework.
  • B. Monitor the effectiveness of controls.
  • C. Review the risk probability and impact.
  • D. Review the inherent risk level.
Suggested Answer: B 🗳️

Comments

Broesweelies
Highly Voted 8 months ago
Selected Answer: B
Monitoring the effectiveness of controls ensures that the implemented controls are working as intended and that the residual risk is still within the acceptable level. This process helps to identify if the controls need to be adjusted, replaced or removed. It is important to have a regular monitoring process in place to detect any changes in the threat environment or business operations that could impact the effectiveness of the controls.
upvoted 7 times
richck102
Most Recent 3 months, 2 weeks ago
B. Monitor the effectiveness of controls.
upvoted 1 times
jaiz
6 months, 1 week ago
Selected Answer: B
If the residual risk of a business activity is lower than the acceptable risk level, it means that the measures taken to reduce the risk are effective. The best course of action would be to monitor the risk, review the risk management strategy, communicate the results, and continuously improve the risk management strategy. This will help ensure that the risk remains at an acceptable level and the organization is prepared to manage any future risks that may arise.
upvoted 3 times
aokisan
8 months, 2 weeks ago
Selected Answer: C
Residual risk is not controllable.
upvoted 1 times
dark_3k03r
4 months, 1 week ago
If the business activity residual risk is lower than the acceptable risk level, there is no need to review the risk probability and impact, as these factors have already been considered in the risk assessment. The focus should instead be on ensuring that the controls put in place to mitigate the risk are effective and continue to be monitored. This is why B is the correct answer.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted