New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 2 Question 17 Discussion

Actual exam question for Isaca's CISM exam
Question #: 17
Topic #: 2
[All CISM Questions]

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Lucy at May 08, 2022, 11:39 PM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Vanna
4 months ago
C is definitely not the primary basis, in my opinion.
upvoted 0 times
...
Breana
4 months ago
Surprised that people aren't considering D more seriously.
upvoted 0 times
...
Adolph
4 months ago
I think A is important too, though.
upvoted 0 times
...
Darrin
4 months ago
Totally agree, adverse effects matter most!
upvoted 0 times
...
Verlene
5 months ago
B seems like the most logical choice.
upvoted 0 times
...
Javier
5 months ago
Availability of resources seems less relevant, but I guess it could affect how we respond to incidents. I need to think this through more.
upvoted 0 times
...
Kimberlie
5 months ago
I feel like legal and regulatory requirements could play a big role too, but I’m leaning towards business impact as the main factor.
upvoted 0 times
...
Lilli
5 months ago
I'm not entirely sure, but I remember something about root cause analysis being important. It might help prioritize incidents.
upvoted 0 times
...
Lawrence
5 months ago
I think the primary basis should be the adverse effects on the business. That seems to align with what we practiced in class.
upvoted 0 times
...
Dylan
5 months ago
The part about needing to click to identify the control selector in SAP is interesting. I'll make a note of that, as it could be an easy mistake to make.
upvoted 0 times
...
Milly
5 months ago
Alright, I think I've got a handle on this. The key is recognizing that Cloud Service A is acting as both a cloud service and a cloud service consumer, so it forms a dependency on Cloud Service B. I'll need to calculate the combined availability based on that dependency.
upvoted 0 times
...
Jettie
5 months ago
I feel pretty confident about this one. Project metrics are all about measuring the success and efficiency of a project, so the decrease in those three factors would all be good examples. D is the way to go.
upvoted 0 times
...
Johnathon
5 months ago
This feels like a practice question we went over, but I get mixed up about the certificate authority stuff. It might be the first option, but I'm not confident.
upvoted 0 times
...
Micheal
5 months ago
This question seems straightforward, I think I can handle it.
upvoted 0 times
...

Save Cancel