Isaca CISM Practice Test - Questions Answers, Page 69
Related questions
Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?
The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?
Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?
Which of the following is the MOST important objective when planning an incident response program?
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (IAM) system?
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?
A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security manager's PRIMARY concern?
A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?