CMA Risk Management & Security Architecture

Question 1

In security architecture, which framework published by NIST provides a risk-based approach to managing cybersecurity risk through five core functions: Identify, Protect, Detect, Respond, and Recover?

Accepted Answer

NIST Cybersecurity Framework (CSF)

Answer

NIST SP 800-53

Answer

ISO/IEC 27001

Answer

COBIT 2019

Question 2

Which risk treatment option involves shifting the financial impact of a risk to a third party, such as through cyber insurance?

Accepted Answer

Risk Transfer

Answer

Risk Avoidance

Answer

Risk Mitigation

Answer

Risk Acceptance

Question 3

A CMA architect is designing a system with the requirement that no single failure should cause complete service unavailability. Which security and resilience principle addresses this?

Accepted Answer

Single Point of Failure Elimination

Answer

Least Privilege

Answer

Defense in Depth

Answer

Separation of Duties

Question 4

Which formula correctly represents the basic calculation of risk in a risk management context?

Accepted Answer

Risk = Threat × Vulnerability × Impact

Answer

Risk = Threat × Vulnerability

Answer

Risk = Impact + Likelihood

Answer

Risk = Asset Value / Control Effectiveness

Question 5

In the SABSA security architecture framework, which layer defines the business context and security policies at the executive stakeholder level?

Accepted Answer

Contextual Layer

Answer

Conceptual Layer

Answer

Logical Layer

Answer

Physical Layer

Question 6

Which US federal regulation requires organizations handling protected health information (PHI) to implement technical, physical, and administrative security safeguards?

Accepted Answer

HIPAA Security Rule

Answer

SOX

Answer

FISMA

Answer

GLBA