
CISM Question #824: Real Exam Question with Answer & Explanation

The correct answer is A: The baselines are proportionate to risk.

Submitted by javi_es · Apr 18, 2026 · Information Security Risk Management

Question

Which of the following is the MOST important consideration when defining security configuration baselines?

Options

  • A. The baselines are proportionate to risk.
  • B. The baselines align with lines of business.
  • C. The baselines address known system vulnerabilities.
  • D. The baselines address applicable regulatory standards.

Explanation

Security configuration baselines must be proportionate to risk to ensure controls are appropriate and cost-effective. Overly strict or insufficient baselines can either hinder operations or leave systems exposed, making risk proportionality the most important consideration.

Topics

#Security baselines #Risk management #Security configurations #Control implementation
