Isaca CISM Practice Test - Questions Answers, Page 69

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

A. Implement compensating controls to address the risk.
B. Report the risk associated with the policy breach.
C. Implement a privileged access management system.
D. Enforce the security configuration and require the change to be reverted.
Suggested answer: D

Explanation:

The first step in handling unauthorized modifications to a security application is to assess the problems and institute rollback procedures, if needed. This will ensure that the security application is restored to its original state and prevent further damage or exploitation. The other options are possible actions to take after the rollback, but they are not the first priority.

Reference: Protect, Detect and Correct Methodology to Mitigate Incidents: Insider Threats (section: The Insider Threat)

The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?

A. Recommend additional network segmentation.
B. Seek an independent opinion to confirm the findings.
C. Determine alignment with existing regulations.
D. Report findings to key stakeholders.
Suggested answer: D

Explanation:

The information security manager's best course of action is to report the findings of the risk assessment to the key stakeholders, such as senior management, business owners, and regulators. This will ensure that the stakeholders are aware of the potential impact of the risk and can make informed decisions on how to address it. The other options are possible actions to take after reporting the findings, but they are not the best course of action in this scenario.

Reference: CISM Domain 2: Information Risk Management (IRM) [2022 update] (section: Information Risk Response) and CISM ITEM DEVELOPMENT GUIDE - ISACA (page 6, item example 2)

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

A. Ensure a plan with milestones is developed.
B. Implement a distributed denial of service (DDoS) control.
C. Engage the incident response team.
D. Define new key performance indicators (KPIs).
Suggested answer: A

Explanation:

A penetration test is a proactive way to identify and remediate security vulnerabilities in a network. When a penetration test reveals a security exposure due to a firewall that is not configured correctly, the information security manager's best course of action is to ensure a plan with milestones is developed to address the issue. This plan should include the root cause analysis, the corrective actions, the responsible parties, the deadlines, and the verification methods. This way, the information security manager can ensure that the security exposure is resolved in a timely and effective manner, and that the firewall configuration is aligned with the security policy and the business objectives.

Reference:

CISM Review Manual (Digital Version), page 193: "The information security manager should ensure that a plan with milestones is developed to address the issues identified during the penetration test."

How to configure a network firewall: Walkthrough: "A good network firewall is essential. Learn the basics of configuring a network firewall, including stateful vs. stateless firewalls and access control lists in this episode of Cyber Work Applied."

Which of the following is the BEST way to evaluate whether the information security program aligns with corporate governance?

A. Survey mid-level management.
B. Analyze industry benchmarks.
C. Conduct a gap analysis.
D. Review internal audit reports.

Which of the following is the MOST important objective when planning an incident response program?

A. Managing resources
B. Ensuring IT resiliency
C. Recovering from a disaster
D. Minimizing business impact
Suggested answer: D

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A. relates the investment to the organization's strategic plan.
B. translates information security policies and standards into business requirements.
C. articulates management's intent and information security directives in clear language.
D. realigns information security objectives to organizational strategy.
Suggested answer: D

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (IAM) system?

A. Staff turnover rates that significantly exceed industry averages
B. Large number of applications in the organization
C. Inaccurate workforce data from human resources (HR)
D. Frequent changes to user roles during employment
Suggested answer: C

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

A. Purchase forensic standard operating procedures.
B. Provide forensics training to the information security team.
C. Ensure the incident response policy allows hiring a forensics firm.
D. Retain a forensics firm prior to experiencing an incident.
Suggested answer: C

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

A. The vendor's proposal allows for contract modification during technology refresh cycles.
B. The vendor's proposal aligns with the objectives of the organization.
C. The vendor's proposal requires the provider to have a business continuity plan (BCP).
D. The vendor's proposal allows for escrow in the event the third party goes out of business.
Suggested answer: B

A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager's PRIMARY concern?

A. Ability to test the patch prior to deployment
B. Documentation of patching procedures
C. Adequacy of the incident response plan
D. Availability of resources to implement controls
Suggested answer: D

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

A. Conduct a threat analysis.
B. Implement an information security awareness training program.
C. Establish an audit committee.
D. Create an information security steering committee.
Suggested answer: D