ExamGecko
Search Search Login
Home Home / CompTIA / PK0-005
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

During a gate review meeting, the deliverable was rejected by the customer. INSTRUCTIONS Review the dashboard. • Part 1: Drag and drop each task, placing them in the correct order based on the project change control process. • Part 2: Select the proper document(s) to be updated. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Part 1: Part 2:
Two team members have a minor disagreement on how a task should be performed. The project manager plans to meet with the team members to discuss the matter. Which of the following techniques should the project manager use to emphasize the areas of agreement and downplay the opposing views?
By developing a project schedule, a PM has already validated the constraints, outlined the duration of the tasks and the phases, and confirmed the proper sequence and flow of the project. Which of the following activities still needs to be performed to complete the schedule?
During a sponsor meeting, a PM is assigned to manage a new external project for an IT consultant. The sponsor wants the PM to establish an agreement regarding the exchange of money between both parties. Which of the following documents would the PM most likely create?
A developer recommends modifying an existing portion of code that is not part of the scope and is causing low performance on the current solution. Which of the following actions should the project manager most likely take?
During a code implementation, a senior developer and junior tester are discussing the testing scenarios that were performed. A major malfunction resulted in an inoperative product condition. As a result, the team was forced to work until midnight to restore operations. Which of the following should the PM have generated FIRST to alleviate the impact of this issue prior to deployment?
Two team members have a minor disagreement on how a task should be performed. The project manager plans to meet with the team members to discuss the matter. Which of the following techniques should the project manager use to emphasize the areas of agreement and downplay the opposing views?
Which of the following describes three-tier architecture?
As a result of lessons learned, a project manager convenes a meeting to understand the poor quality of the project documentation. During the meeting, project team members provide insights from their perspectives and discussions with group members. Which of the following is the project team doing?
Which of the following is the best example of a breach of physical security?

Question 100 - PK0-005 discussion

Report
Export

Which of the following should be the PRIMARY basis for establishing metrics that measure the effectiveness of an information security program?

A.
Residual risk
Answers
A.
Residual risk
B.
Regulatory requirements
Answers
B.
Regulatory requirements
C.
Risk tolerance
Answers
C.
Risk tolerance
D.
Control objectives
Answers
D.
Control objectives
Suggested answer: D

Explanation:

Control objectives are the desired outcomes or goals of implementing security controls to mitigate risks and protect information assets. Control objectives should be the primary basis for establishing metrics that measure the effectiveness of an information security program, as they align with the business objectives, requirements, and expectations of the organization and its stakeholders. Metrics based on control objectives can help to evaluate the performance, efficiency, and maturity of the security program, and to identify gaps, issues, and areas for improvement. The other options are not correct because:

Residual risk is the remaining risk after applying security controls. Residual risk is not a basis for establishing metrics, but rather a result of measuring the effectiveness of security controls. Residual risk should be monitored and reported, but it does not define the desired outcomes or goals of the security program.

Regulatory requirements are the external standards, laws, and regulations that the organization must comply with to avoid legal or financial penalties. Regulatory requirements are not a basis for establishing metrics, but rather a constraint or a driver for the security program. Metrics based on regulatory requirements can help to demonstrate compliance, but they may not reflect the actual effectiveness or efficiency of the security program.

Risk tolerance is the level of risk that the organization is willing to accept or bear. Risk tolerance is not a basis for establishing metrics, but rather a factor or an input for the security program. Metrics based on risk tolerance can help to prioritize and allocate resources, but they may not measure the actual outcomes or goals of the security program.Reference=Key Performance Indicators for Security Governance, Part 1;14 Cybersecurity Metrics + KPIs You Must Track in 2023;KPIs in Information Security: The 10 Most Important Security Metrics;Why metrics are crucial to proving cybersecurity programs' value;Implementing and Maintaining Security Program Metrics

Show Answer
asked 02/10/2024
Pichai Chaipoon
43 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms