Isaca CISM Practice Test - Questions Answers, Page 68


Which of the following is the BEST reason to implement a comprehensive information security management system?

A. To ensure continuous alignment with the organizational strategy
B. To gain senior management support for the information security program
C. To support identification of key risk indicators (KRIs)
D. To facilitate compliance with external regulatory requirements
Suggested answer: A

Explanation:

According to the CISM Review Manual, 15th Edition, the primary objective of an information security management system (ISMS) is to align the information security strategy with the business strategy and ensure that information security objectives are consistent with the business objectives. This helps the organization to achieve its goals and protect its information assets from threats and risks.

Reference: CISM Review Manual, 15th Edition, Chapter 1: Information Security Governance, page 11.

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?

A. An industry peer experienced a recent breach with a similar application.
B. The system can be replicated for additional use cases.
C. The cost of implementing the system is less than the impact of downtime.
D. The solution is within the organization's risk tolerance.
Suggested answer: C

Explanation:

A monitoring system for a critical application can help detect and prevent incidents that could affect the availability, integrity, and confidentiality of the application and its data. The impact of downtime could include loss of revenue, reputation, customer satisfaction, and regulatory compliance. Therefore, the cost of implementing the system should be justified by the potential savings from avoiding or minimizing these impacts.

Reference: CISM Review Manual, 15th Edition, page 173; An Introduction to Metrics, Monitoring, and Alerting; Business-critical applications: What are they and how do you protect them from cyberattack?

Which of the following roles has the PRIMARY responsibility to ensure the operating effectiveness of IT controls?

A. Risk owner
B. Control tester
C. IT compliance leader
D. Information security manager
Suggested answer: D

Explanation:

According to the CISM Review Manual, 15th Edition, the information security manager is responsible for ensuring that the information security program supports the organization's objectives and aligns with applicable laws and regulations. The information security manager is also responsible for overseeing the implementation and maintenance of effective IT controls, as well as monitoring and reporting on their performance.

Reference: CISM Review Manual, 15th Edition, ISACA, 2016, Chapter 1, page 10.

Which of the following should be done NEXT following senior management's decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

A. Encrypt data in transit and at rest.
B. Complete a return on investment (ROI) analysis.
C. Create and implement a data minimization plan.
D. Conduct a gap analysis.
Suggested answer: D

Explanation:

A gap analysis is a tool that identifies the current state of compliance, the desired state of compliance, and the actions needed to move from one to the other. It should be completed before committing to any specific control or activity, such as encryption, a data minimization plan, or an ROI analysis, because those choices depend on knowing which gaps exist.

Reference: CISM Review Manual, 15th Edition, page 65; Information Security Architecture: Gap Assessment and Prioritization, ISACA Journal, volume 2, 2018.

Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:

A. number of impacted users.
B. capability of incident handlers.
C. type of confirmed incident.
D. predicted incident duration.
Suggested answer: C

Explanation:

According to the NIST SP 800-61 Computer Security Incident Handling Guide, the type of confirmed incident is one of the most important criteria for choosing a containment strategy, as different types of incidents may require different levels of urgency, scope, and impact. For example, a denial-of-service attack may require a different containment strategy than a ransomware attack or a data breach.

Reference: NIST SP 800-61, 3.1 Choosing a Containment Strategy.

How would the information security program BEST support the adoption of emerging technologies?

A. Conducting a control assessment
B. Developing an emerging technology roadmap
C. Providing effective risk governance
D. Developing an acceptable use policy
Suggested answer: B

Explanation:

An emerging technology roadmap is a strategic plan that identifies the potential benefits, risks, and challenges of adopting new technologies in alignment with the organization's goals and objectives. It also defines the roles and responsibilities, processes, and controls for managing the technology lifecycle, from evaluation to implementation to maintenance. An emerging technology roadmap can help the information security program support the adoption of emerging technologies by ensuring that security requirements are considered and addressed at every stage, and that the technologies are aligned with the organization's risk appetite and compliance obligations.

Reference: CISM Review Manual, 15th Edition, page 97; Privacy, Security and Bias in Emerging Technologies; The Impact of Emerging Technology on the Future of Cybersecurity.

Which of the following BEST determines an information asset's classification?

A. Value of the information asset in the marketplace
B. Criticality to a business process
C. Risk assessment from the data owner
D. Cost of producing the information asset
Suggested answer: B

Explanation:

According to the CISM Review Manual, 15th Edition, information asset classification is the process of assigning a level of sensitivity to information assets based on their importance to the organization and the potential impact of unauthorized disclosure, modification or destruction. The criticality of an information asset to a business process is one of the key factors that determines its classification level.

Reference: CISM Review Manual, 15th Edition, ISACA, 2016, Chapter 2, page 61.

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

A. Increase in false positives
B. Increase in false negatives
C. Decrease in false negatives
D. Decrease in false positives
Suggested answer: B

Explanation:

False negatives are events that the IDS should have detected but did not. An increase in false negatives indicates that the IDS is missing actual attacks or intrusions, which directly reduces the organization's ability to detect and respond to compromise. An increase in false positives, by contrast, wastes analyst time but does not leave attacks undetected.

Reference: CISM Review Manual, 15th Edition, page 212; CISM Review Questions, Answers & Explanations Database, question ID 1001.

An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done FIRST?

A. Install additional application controls.
B. Notify senior management.
C. Invoke the incident response plan.
D. Prevent access to the application.
Suggested answer: C

Explanation:

According to the NIST SP 800-61 Computer Security Incident Handling Guide, the first step in responding to a cybersecurity incident is to invoke the incident response plan (IRP), a written document that defines the roles, responsibilities, and procedures for dealing with a confirmed or suspected security breach. The IRP helps the organization to prepare for, detect, analyze, contain, eradicate, recover from, and learn from incidents. Invoking the IRP ensures that the right personnel and resources are mobilized to effectively deal with the threat and minimize the impact.

Reference: NIST SP 800-61, 1. Introduction.

Which of the following is the MOST effective way to increase security awareness in an organization?

A. Implement regularly scheduled information security audits.
B. Require signed acknowledgment of information security policies.
C. Conduct periodic simulated phishing exercises.
D. Include information security requirements in job descriptions.
Suggested answer: C
Total 793 questions