
Exam CISM topic 1 question 603 discussion

Actual exam question from Isaca's CISM
Question #: 603
Topic #: 1
A penetration test of a new system has identified a number of critical vulnerabilities, jeopardizing the go-live date. The information security manager is asked by the system owner to approve an exception to allow the system to be implemented without fixing the vulnerabilities. Which of the following is the MOST appropriate course of action?

  • A. Implement a log monitoring process.
  • B. Perform a risk assessment.
  • C. Develop a set of compensating controls.
  • D. Approve and document the exception.
Suggested Answer: B

Comments

CarlLimps
Highly Voted 1 year, 4 months ago
Selected Answer: B
Per CRISC manual pg. 53 - ISO/IEC Process steps, specifically Risk Assessment - Risk assessment determines the value of the info assets, identifies the applicable threats and vulns that exist, identifies the consequences and prioritizes the derived risk and ranks it against the risk evaluation criteria set in the context establishment. This process consists of risk identification, risk analysis and risk evaluation.
upvoted 5 times
d7a2ba6
Most Recent 3 weeks, 3 days ago
Selected Answer: C
You do B FIRST, but the MOST appropriate is to have at least some compensating controls.
upvoted 1 times
Salilgen
4 months ago
Selected Answer: B
Rather than develop compensatory controls (option C), I then install the fix
upvoted 1 times
REHAMAZZAM
5 months ago
Selected Answer: B
B. Perform a risk assessment
upvoted 1 times
richck102
1 year ago
B. Perform a risk assessment.
upvoted 1 times
CarlLimps
1 year, 4 months ago
Selected Answer: C
I like C - Develop a set of compensating controls. I'm not sure what the risk assessment would be completed on, or what the scope would be, because you just did a vuln assessment. I really don't like any of the answers, I'd prefer to tell the app owner to go pound sand, but that wouldn't be very leader-like. The most helpful/leader-like answer would be to develop compensating controls. My 2 cents.
upvoted 1 times
CarlLimps
1 year, 4 months ago
I changed my mind. The answer is B. Perform a risk assessment. A better answer would be to conduct a risk analysis. Per CRISC manual pg. 53 - ISO/IEC Process steps, specifically Risk Assessment - Risk assessment determines the value of the info assets, identifies the applicable threats and vulns that exist, identifies the consequences and prioritizes the derived risk and ranks it against the risk evaluation criteria set in the context establishment. This process consists of risk identification, risk analysis and risk evaluation.
upvoted 1 times
Souvik124
1 year, 4 months ago
The most appropriate course of action for an information security manager who has been asked to approve an exception to allow a new system to be implemented without fixing critical vulnerabilities identified during a penetration test is to perform a risk assessment.
upvoted 1 times
AlexJacobson
5 months, 2 weeks ago
Congratulations! Your comments are consistently the most useless word- and time-wasting word soups. You literally take a question and "bolt on" the answer ChatGPT (most likely) spews out.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other