Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Create an inventory of systems where personal data is stored.

Evaluate privacy technologies required for data protection.

Encrypt all personal data stored on systems and networks.

Update disciplinary processes to address privacy violations.

Create an inventory of systems where personal data is stored.

Which of the following BEST indicates that information security governance and corporate governance are integrated?

The information security steering committee is composed of business leaders.

The information security team is aware of business goals.

The board is regularly informed of information security key performance indicators (KPIs),

The information security steering committee is composed of business leaders.

A cost-benefit analysis is conducted on all information security initiatives.

Which of the following should be the PRIMARY objective of the information security incident response process?

Minimizing negative impact to critical operations

Communicating with internal and external parties

Minimizing negative impact to critical operations

Which of the following is the BEST way to ensure the organization's security objectives are embedded in business operations?

Implement an information security governance framework.

Publish adopted information security standards.

Perform annual information security compliance reviews.

Implement an information security governance framework.

Define penalties for information security noncompliance.

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Determine current and desired state of controls.

Review contracts and statements of work (SOWs) with vendors.

Implement data regionalization controls.

Determine current and desired state of controls.

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Require staff to participate in information security awareness training.

Communicate disciplinary processes for policy violations.

Require staff to participate in information security awareness training.

Require staff to sign confidentiality agreements.

Include information security responsibilities in job descriptions.

An online bank identifies a successful network attack in progress. The bank should FIRST:

isolate the affected network segment.

report the root cause to the board of directors.

assess whether personally identifiable information (Pll) is compromised.

Which of the following is the BEST approach for governing noncompliance with security requirements?

Base mandatory review and exception approvals on residual risk,

Require users to acknowledge the acceptable use policy.

Require the steering committee to review exception requests.

Base mandatory review and exception approvals on inherent risk.

Which of the following is the PRIMARY role of an information security manager in a software development project?

To assess and approve the security application architecture

To enhance awareness for secure software design

To assess and approve the security application architecture

To identify noncompliance in the early design stage

To identify software security weaknesses

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Percentage of controls integrated into business processes

Number of blocked intrusion attempts

Number of business cases reviewed by senior management

Trends in the number of identified threats to the business

Percentage of controls integrated into business processes

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

the information security manager.

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

The underlying reason for the user error

The time and location that the breach occurred

Evidence of previous incidents caused by the user

The underlying reason for the user error

Appropriate disciplinary procedures for user error

Which of the following is the FIRST step to establishing an effective information security program?

Perform a business impact analysis (BIA).

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Perform security code reviews on the entire application.

Scan the entire application using a vulnerability scanning tool.

Run the application from a high-privileged account on a test system.

Perform security code reviews on the entire application.

Monitor Internet traffic for sensitive information leakage.

The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:

promotes efficiency in control of the environment.

reduces unauthorized access to systems.

promotes efficiency in control of the environment.

prevents inconsistencies in information in the distributed environment.

allows administrative staff to make management decisions.

Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?

Review the previous risk assessment and countermeasures.

Evaluate countermeasures to mitigate new risks.

Transfer the new risk to a third party.

Which of the following is the BEST indication of an effective information security awareness training program?

An increase in the identification rate during phishing simulations

An increase in the frequency of phishing tests

An increase in positive user feedback

An increase in the speed of incident resolution

An increase in the identification rate during phishing simulations

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Training on risk management procedures

Reporting on documented deficiencies

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Implementing proactive systems monitoring

Providing ongoing training to the incident response team

Implementing proactive systems monitoring

Implementing a honeypot environment

Updating information security awareness materials

Which of the following is MOST important in increasing the effectiveness of incident responders?

Communicating with the management team

Integrating staff with the IT department

Reviewing the incident response plan annually

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

Standardization of compliance requirements

Documentation of control procedures

Standardization of compliance requirements

Integration of assurance efforts

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

The security strategy is promoted.

Fewer security incidents are reported.

More security incidents are detected.

An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?

Present the risk to senior management.

Create an exception for the deviation.

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

The contact list is regularly updated.

Each process is assigned to a responsible party.

The contact list is regularly updated.

Minimum regulatory requirements are maintained.

Senior management approval has been documented.

A security incident has been reported within an organization. When should an inforrnation security manager contact the information owner? After the:

potential incident has been logged.

Penetration testing is MOST appropriate when a:

new system is about to go live.

security policy is being developed.

security incident has occurred,

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

follow the incident response plan.

notify the business process owner.

follow the business continuity plan (BCP).

conduct an incident forensic analysis.

follow the incident response plan.

Which of the following is the BEST indicator of an organization's information security status?

Intrusion detection log analysis

Which of the following is MOST important for building 4 robust information security culture within an organization?

Mature information security awareness training across the organization

Strict enforcement of employee compliance with organizational security policies

Security controls embedded within the development and operation of the IT environment

Senior management approval of information security policies

The MOST appropriate time to conduct a disaster recovery test would be after:

the business continuity plan (BCP) has been updated.

major business processes have been redesigned.

the business continuity plan (BCP) has been updated.

the security risk profile has been reviewed

noncompliance incidents have been filed.

What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to have been hacked?

Disconnect the device from the network,

Escalate to the incident response team

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

a control self-assessment (CSA) process.

automated reporting to stakeholders.

a monitoring process for the security policy.

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

Perform a cost-benefit analysis.

Submit funding request to senior management.

Begin due diligence on the outsourcing company.

Isaca CISM Practice Test 3 - Free Online Exam Prep & Questions

Question 1 / 40

Which of the following is MOST important when conducting a forensic investigation?

Analyzing system memory

Documenting analysis steps

Capturing full system images

Maintaining a chain of custody

Comment (0)

Isaca CISM Practice Test 3

Question

Isaca CISM Practice Tests

Practice Tests