Information security controls should be designed PRIMARILY based on:

a business impact analysis (BIA).

Which of the following is the PRIMARY reason for granting a security exception?

The risk is justified by the cost to the business.

The risk is justified by the benefit to security.

The risk is justified by the cost to security.

The risk is justified by the benefit to the business.

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Evaluate the information security laws that apply to the acquired company.

Determine which country's information security regulations will be used.

Merge the two existing information security programs.

Apply the existing information security program to the acquired company.

Evaluate the information security laws that apply to the acquired company.

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

The information security manager

Network isolation techniques are immediately implemented after a security breach to:

reduce the extent of further damage.

preserve evidence as required for forensics

reduce the extent of further damage.

allow time for key stakeholder decision making.

enforce zero trust architecture principles.

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

Review access permissions annually or whenever job responsibilities change

Enable multi-factor authentication on user and admin accounts.

Review access permissions annually or whenever job responsibilities change

Lock out accounts after a set number of unsuccessful login attempts.

Delegate the management of access permissions to an independent third party.

The PRIMARY advantage of involving end users in continuity planning is that they:

have a better understanding of specific business needs.

are more objective than information security management.

can see the overall impact to the business.

can balance the technical and business risks.

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?

Involving information security at each stage of project management

Identifying responsibilities during the project business case analysis

Creating a data classification framework and providing it to stakeholders

Providing stakeholders with minimum information security requirements

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Require steering committee approval of risk treatment plans.

Establish key risk indicators (KRIs).

Use quantitative risk assessment methods.

Provide regular reporting on risk treatment to senior management

Require steering committee approval of risk treatment plans.

Which of the following would BEST ensure that security is integrated during application development?

Introducing security requirements during the initiation phase

Employing global security standards during development processes

Providing training on secure development practices to programmers

Performing application security testing during acceptance testing

Introducing security requirements during the initiation phase

Which of the following is MOST effective in monitoring an organization's existing risk?

Periodic updates to risk register

Security information and event management (SIEM) systems

Vulnerability assessment results

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Establishing an information security steering committee

Developing an information security policy based on risk assessments

Establishing an information security steering committee

Documenting the information security governance framework

Implementing an information security awareness program

In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure:

the rationale for acceptance is periodically reviewed.

change activities are documented.

the rationale for acceptance is periodically reviewed.

the acceptance is aligned with business strategy.

compliance with the risk acceptance framework.

Management decisions concerning information security investments will be MOST effective when they are based on:

the reporting of consistent and periodic assessments of risks.

a process for identifying and analyzing threats and vulnerabilities.

an annual loss expectancy (ALE) determined from the history of security events,

the reporting of consistent and periodic assessments of risks.

the formalized acceptance of risk analysis by management,

Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

Capability to take a snapshot of virtual machines

Availability of web application firewall logs.

Capability of online virtual machine analysis

Availability of current infrastructure documentation

Capability to take a snapshot of virtual machines

When developing an asset classification program, which of the following steps should be completed FIRST?

Create a business case for a digital rights management tool.

Implement a data loss prevention (OLP) system.

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Initiate the organization's incident response process.

Instruct the vendor to conduct penetration testing.

Suspend the connection to the application in the firewall

Report the situation to the business owner of the application.

Initiate the organization's incident response process.

Which of the following BEST facilitates effective incident response testing?

Simulating realistic test scenarios

Including all business units in testing

Simulating realistic test scenarios

Reviewing test results quarterly

Testing after major business changes

An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Create a business case for a new incident response plan.

Revise the existing incident response plan.

Assess the impact to the budget,

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Compromise of critical assets via third-party resources

Unavailability of services provided by a supplier

Loss of customers due to unavailability of products

Unreliable delivery of hardware and software resources by a supplier

An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

fallow the incident response plan

conduct an incident forensic analysis.

fallow the incident response plan

notify the business process owner.

fallow the business continuity plan (BCP).

A PRIMARY purpose of creating security policies is to:

implement management's security governance strategy.

define allowable security boundaries.

communicate management's security expectations.

establish the way security tasks should be executed.

implement management's security governance strategy.

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Ensuring current documentation of security processes

Formalizing a security strategy and program

Developing an awareness program for staff

Ensuring current documentation of security processes

Establishing processes within the security operations team

Which of the following is the PRIMARY reason to monitor key risk indicators (KRIs) related to information security?

To benchmark control performance

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

capture evidence using standard server-backup utilities.

reboot affected machines in a secure area to search for evidence.

Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?

Identify recovery time objectives (RTOs).

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

Communicate the acceptable use policy.

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Identify the indicators of compromise.

Contact forensic investigators.

The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:

examples of help desk requests.

responses to security questionnaires.

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Reduction of organizational risk

Enhanced security monitoring and reporting

Enhanced threat detection capability

Reduction of organizational risk

A Seat a-hosting organization's data center houses servers, appliBEST approach for developing a physical access control policy for the organization?

Conduct a risk assessment to determine security risks and mitigating controls.

Review customers' security policies.

Conduct a risk assessment to determine security risks and mitigating controls.

Develop access control requirements for each system and application.

Design single sign-on (SSO) or federated access.

Isaca CISM Practice Test 4 - Free Online Exam Prep & Questions

Question 1 / 40

Which of the following BEST enables staff acceptance of information security policies?

Strong senior management support

Gomputer-based training

Arobust incident response program

Adequate security funding

Comment (0)

Isaca CISM Practice Test 4

Question

Isaca CISM Practice Tests

Practice Tests