ISACA CISM Practice Test - Questions Answers, Page 64

List of questions
Question 631

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
Question 632

An organization's automated security monitoring tool generates an excessively large amount of false positives. Which of the following is the BEST method to optimize the monitoring process?
Question 633

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?
Question 634

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
Question 635

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
Question 636

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?
Question 637

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST likely the root cause?
Question 638

Which of the following is MOST important when developing an information security strategy?
Question 639

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?
Question 640

An international organization with remote branches is implementing a corporate security policy for managing personally identifiable information (PII). Which of the following should be the information security manager's MAIN concern?
Question