Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

Benchmarking against industry peers

Categorizing information assets

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

It identifies appropriate follow-up work to address shortcomings in the plan.

It allows for greater participation and planning from the business side.

It helps in assessing the availability of compatible backup hardware.

It provides a low-cost method of assessing the BCP's completeness.

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Provide employee training on secure mobile device practices.

Implement a mobile device policy and standard.

Provide employee training on secure mobile device practices.

Implement a mobile device management (MDM) solution.

Require employees to install an effective anti-malware app.

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

Evaluate the security posture of the organization.

Support business investments in security.

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application's security compliance?

During user acceptance testing (UAT)

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

Feedback from affected departments

Historical data from past incidents

Technical capabilities of the team

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Provide awareness training to staff responsible for wire transfers.

Temporarily suspend wire transfers for the organization.

Provide awareness training to the CEO for this type of phishing attack.

Provide awareness training to staff responsible for wire transfers.

Disable emails for staff responsible for wire transfers.

Which of the following is the BEST indication of an effective disaster recovery planning process?

Post-incident reviews are conducted after each event.

Hot sites are required for any declared disaster.

Chain of custody is maintained throughout the disaster recovery process.

Post-incident reviews are conducted after each event.

Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).

Which of the following is MOST important for the information security manager to include when presenting changes in the security risk profile to senior management?

Performance measures for existing controls

Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

noted and re-examined later if similar weaknesses are found.

quickly resolved and eliminated regardless of cost.

tracked and reported on until their final resolution.

documented in security awareness programs.

noted and re-examined later if similar weaknesses are found.

The PRIMARY reason to properly classify information assets is to determine:

the appropriate protection based on sensitivity.

appropriate encryption strength using a risk-based approach.

the business impact if assets are compromised.

the appropriate protection based on sensitivity.

user access levels based on the need to know.

Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Define the organizational strategy.

Review current recovery policies.

Define the organizational strategy.

Prioritize the critical processes.

Review existing cyber insurance coverage.

Which of the following would be the GREATEST obstacle to implementing incident notification and escalation processes in an organization with high turnover?

Lack of knowledgeable personnel

Lack of communication processes

Lack of alignment with organizational goals

Which of the following processes is MOST important for the success of a business continuity plan (BCP)?

Involving all stakeholders in testing and training

Scheduling periodic internal and external audits

Including the board and senior management in plan reviews

Maintaining copies of the plan at the primary and recovery sites

When analyzing the emerging risk and threat landscape, an information security manager should FIRST:

determine the sources of emerging threats.

determine the impact if threats materialize.

determine the sources of emerging threats.

review historical threats within the industry.

map threats to business assets.

What should be the NEXT course of action when an information security manager has identified a department that is repeatedly not following the security policy?

Report the policy violation to senior management.

Perform a vulnerability assessment on the systems within the department.

Introduce additional controls to force compliance with policy.

Require department users to repeat security awareness training.

Report the policy violation to senior management.

Which of the following is the MOST important characteristic of an effective information security metric?

The metric expresses residual risk relative to risk tolerance.

The metric is frequently reported to senior management.

The metric directly maps to an industry risk management framework.

The metric compares the organization's inherent risk against its risk appetite.

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

Assess changes in the risk profile.

Activate the disaster recovery plan (DRP).

Invoke the incident response plan.

Conduct security awareness training.

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

Resolve the discrepancy before developing the standards.

Align the standards with the organizational policy.

Align the standards with industry best practices.

Resolve the discrepancy before developing the standards.

Perform a cost-benefit analysis of aligning the standards to policy.

Which of the following metrics would provide an accurate measure of an information security program's performance?

A collection of qualitative indicators that accurately measure security exceptions

A combination of qualitative and quantitative trends that enable decision making

A collection of quantitative indicators that are compared against industry benchmarks

A single numeric score derived from various measures assigned to the security program

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

To prevent accountability issues

To ensure separation of duties is maintained

To ensure system audit trails are not bypassed

To prevent accountability issues

To prevent unauthorized user access

Identifying which of the following BEST enables a cyberattack to be contained?

The segment targeted by the attack

The vulnerability exploited by the attack

The segment targeted by the attack

The IP address of the computer that launched the attack

The threat actor that initiated the attack

Which of the following should be done FIRST when a SIEM flags a potential event?

Validate the event is not a false positive.

Initiate the incident response plan.

Escalate the event to the business owner.

Implement compensating controls.

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Develop a project plan to implement the strategy.

Obtain consensus on the strategy from the executive board.

Review alignment with business goals.

Define organizational risk tolerance.

Develop a project plan to implement the strategy.

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

Engage business process owners.

Evaluate the results of business continuity testing.

Review key performance indicators (KPIs).

Evaluate the business impact of incidents.

Engage business process owners.

An organization is selecting security metrics to measure security performance, and a firewall specialist suggests tracking the number of external attacks blocked by the firewalls. Which of the following is the GREATEST concern with using this metric?

The number of blocked external attacks is not representative of the true threat profile.

The number of blocked external attacks will vary by month, causing inconsistent graphs.

The number of blocked external attacks is an indicator of the organization's popularity.

The number of blocked external attacks over time does not explain the attackers' motivations.

Which of the following provides the MOST effective response against ransomware attacks?

Effective backup plans and processes

Automatic quarantine of systems

Effective backup plans and processes

Which of the following is the BEST tool to use for identifying and correlating intrusion attempt alerts?

Host intrusion detection system

Network intrusion detection system

An incident response policy should include:

A description of testing methodology.

Recovery time objectives (RTOs).

Which of the following is the BEST way to compete for funding for an information security program in an organization with limited resources?

Demonstrate that the program enables business activities.

Demonstrate the effectiveness of business continuity plans (BCPs).

Report key performance indicator (KPI) trends.

Demonstrate that the program enables business activities.

Provide evidence of increased security events at peer organizations.

Isaca CISM Practice Test 20 - Free Online Exam Prep & Questions

Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:

Become a Premium Member for full access

Unlock Premium Member

Isaca CISM Practice Test 20

Question

Isaca CISM Practice Tests

Practice Tests