
Isaca CISM Practice Test - Questions Answers, Page 54


An employee clicked on a malicious link in an email that resulted in compromising company data. What is the BEST way to mitigate this risk in the future?

A. Conduct phishing awareness training.
B. Implement disciplinary procedures.
C. Establish an acceptable use policy.
D. Assess and update spam filtering rules.
Suggested answer: A

Explanation:

Phishing awareness training is the best way to mitigate the risk of employees clicking on malicious links in emails, as it educates them on how to recognize and avoid phishing attempts. (From CISM Review Manual 15th Edition)

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

A. To define security roles and responsibilities
B. To determine return on investment (ROI)
C. To establish incident severity levels
D. To determine the criticality of information assets
Suggested answer: D

Explanation:

A business impact analysis (BIA) is a process that identifies and evaluates the potential effects of disruptions to critical business operations as a result of a disaster, accident or emergency. The primary purpose of a BIA is to determine the criticality of information assets and the impact of their unavailability on the organization's mission, objectives and reputation. (From CISM Review Manual 15th Edition)

Which of the following is the MOST effective way to ensure information security policies are understood?

A. Implement a whistle-blower program.
B. Provide regular security awareness training.
C. Include security responsibilities in job descriptions.
D. Document security procedures.
Suggested answer: B

Explanation:

Security awareness training is the most effective way to ensure information security policies are understood, as it educates employees on the purpose, content and importance of the policies, and how to comply with them. (From CISM Review Manual 15th Edition)

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

A. Assess the residual risk.
B. Share lessons learned with the organization.
C. Update the system's documentation.
D. Allocate budget for penetration testing.
Suggested answer: A

Explanation:

Residual risk is the risk that remains after applying controls to mitigate the original risk. It is important to assess the residual risk after remediation to ensure that it is within the acceptable level and tolerance of the organization. (From CISM Review Manual 15th Edition)

Which is MOST important to identify when developing an effective information security strategy?

A. Security awareness training needs
B. Potential savings resulting from security governance
C. Business assets to be secured
D. Residual risk levels
Suggested answer: C

Explanation:

Business assets are the resources that enable the organization to achieve its objectives and create value. Identifying the business assets to be secured is the most important step in developing an effective information security strategy, as it helps to align the security goals with the business goals, prioritize the security efforts and resources, and define the scope and boundaries of the security program. (From CISM Review Manual 15th Edition)

Which of the following presents the GREATEST risk associated with the use of an automated security information and event management (SIEM) system?

A. Low number of false positives
B. Low number of false negatives
C. High number of false positives
D. High number of false negatives
Suggested answer: D

Explanation:

A false negative is a security incident that was not detected by the SIEM system, which presents the greatest risk as it allows attackers to compromise the organization's assets and data without being noticed or stopped. A high number of false negatives can indicate that the SIEM system is not configured properly, has insufficient data sources, or lacks effective analytics and correlation rules. (From CISM Review Manual 15th Edition)

A security incident has been reported within an organization. When should an information security manager contact the information owner?

A. After the incident has been contained
B. After the incident has been mitigated
C. After the incident has been confirmed
D. After the potential incident has been logged
Suggested answer: C

Explanation:

The information owner is the person who has the authority and responsibility for the information asset and its protection. The information security manager should contact the information owner as soon as possible after the incident has been confirmed, to inform them of the incident, its impact, and the actions taken or planned to resolve it. The information owner may also need to be involved in the decision-making process regarding the incident response and recovery. (From CISM Review Manual 15th Edition)

An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?

A. Conduct a risk assessment.
B. Communicate the changes to stakeholders.
C. Update the organization's risk register.
D. Develop a policy exception process.
Suggested answer: B

Explanation:

Communicating the changes to stakeholders is the next step after updating and publishing the information security policy and standards, as it ensures that the stakeholders are aware of the new or revised requirements, expectations and responsibilities, and can provide feedback or raise concerns if needed. Communication also helps to promote the acceptance and adoption of the policy and standards, and to reinforce the security culture and awareness within the organization. (From CISM Review Manual 15th Edition)

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

A. Requiring an external security audit of the IT service provider
B. Requiring regular reporting from the IT service provider
C. Defining information security requirements with internal IT
D. Defining the business recovery plan with the IT service provider
Suggested answer: B

Explanation:

Requiring regular reporting from the IT service provider is the best way to ensure compliance with the organization's information security requirements, as it allows the organization to monitor the performance, security incidents, service levels, and compliance status of the IT service provider. Reporting also helps to identify any gaps or issues that need to be addressed or resolved. (From CISM Review Manual 15th Edition)

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

A. Escalation processes
B. Recovery time objective (RTO)
C. Security audit reports
D. Technological capabilities
Suggested answer: A

Explanation:

Escalation processes are the most important security consideration when developing an incident response strategy with a cloud provider, as they define the roles, responsibilities, communication channels, and decision-making authority for both parties in the event of a security incident. Escalation processes help to ensure timely and effective response, coordination, and resolution of security incidents, as well as to avoid conflicts or confusion. (From CISM Review Manual 15th Edition)

Total 793 questions