ExamGecko
Isaca CISM Practice Test - Questions Answers, Page 71

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

A. Ensure security is involved in the procurement process.
B. Review the third-party contract with the organization's legal department.
C. Conduct an information security audit on the third-party vendor.
D. Communicate security policy with the third-party vendor.

Suggested answer: A

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

A. Local regulatory requirements
B. Global framework standards
C. Cross-border data mobility
D. Training requirements of the framework

Suggested answer: A

A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?

A. Validate the scope and impact with the business process owner.
B. Initiate the incident response plan.
C. Review and validate the rules within the DLP system.
D. Escalate the issue to senior management.

Suggested answer: A

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

A. To ensure industry best practices for enterprise security are followed
B. To establish the minimum level of controls needed
C. To determine the desired state of enterprise security
D. To satisfy auditors' recommendations for enterprise security

Suggested answer: C

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

A. Notify the regulatory agency of the incident.
B. Implement mitigating controls.
C. Evaluate the impact to the business.
D. Examine firewall logs to identify the attacker.

Suggested answer: C

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

A. To ensure access rights meet classification requirements
B. To facilitate the analysis of application logs
C. To ensure web application availability
D. To support strong two-factor authentication protocols

Suggested answer: A
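The point behind answer A is that a login establishes who the caller is, but each access to classified data still has to be checked against that caller's clearance. The following added example (not from the ExamGecko page or from ISACA material) contrasts a "login-only" read with a read that re-checks classification at the access point. The classification levels, users and records are constructed for illustration.

```python
"""Per-access-point authorization against data classification (added example).

The session, records and classification ladder below are constructed
for illustration; they are not taken from the page.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Ordered classification levels; a higher index means more sensitive.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]


@dataclass(frozen=True)
class Session:
    user: str
    clearance: str          # highest level the user may read
    authenticated: bool     # outcome of the initial login


@dataclass(frozen=True)
class Record:
    record_id: str
    classification: str
    body: str


# Constructed sample data store.
RECORDS: Dict[str, Record] = {
    "r1": Record("r1", "PUBLIC", "press release"),
    "r2": Record("r2", "CONFIDENTIAL", "salary table"),
    "r3": Record("r3", "RESTRICTED", "merger memo"),
}


class AccessDenied(Exception):
    pass


def login_only_read(session: Session, record_id: str) -> str:
    """Weak pattern: only the login is checked, never the data's classification."""
    if not session.authenticated:
        raise AccessDenied("not logged in")
    return RECORDS[record_id].body


def cleared_for(session: Session, classification: str) -> bool:
    """True when the session's clearance dominates the record's classification."""
    return LEVELS.index(session.clearance) >= LEVELS.index(classification)


def classified_read(session: Session, record_id: str) -> str:
    """Hardened pattern: login plus a classification check at this access point."""
    if not session.authenticated:
        raise AccessDenied("not logged in")
    record = RECORDS[record_id]
    if not cleared_for(session, record.classification):
        raise AccessDenied(
            f"{session.user} ({session.clearance}) may not read "
            f"{record.classification} data"
        )
    return record.body


def _outcome(reader, session: Session, record_id: str) -> str:
    try:
        reader(session, record_id)
        return "allowed"
    except AccessDenied:
        return "denied"


def demo() -> Dict[str, Tuple[str, str]]:
    """Run both patterns for an INTERNAL-cleared user; map record -> (weak, hardened)."""
    alice = Session("alice", "INTERNAL", True)
    return {
        rid: (_outcome(login_only_read, alice, rid),
              _outcome(classified_read, alice, rid))
        for rid in RECORDS
    }


if __name__ == "__main__":
    for rid, (weak, strong) in demo().items():
        cls = RECORDS[rid].classification
        print(f"{rid} {cls:<13} login-only={weak:<8} classified={strong}")
```

With the login-only check, the INTERNAL user reads all three records; with the per-access-point check, the CONFIDENTIAL and RESTRICTED records are refused even though the session is fully authenticated.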

Which of the following is a function of the information security steering committee?

A. Deliver external communication during incident response.
B. Align the security framework with security standards.
C. Align security strategy with business objectives.
D. Monitor regulatory requirements.

Suggested answer: C

Which of the following is the MOST important reason for logging firewall activity?

A. Metrics reporting
B. Firewall tuning
C. Intrusion prevention
D. Incident investigation

Suggested answer: D (a log is a detective record: it cannot prevent an intrusion, but it is the primary evidence for investigating one; metrics and tuning are secondary uses)

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

A. packet filtering.
B. web surfing controls.
C. log monitoring.
D. application awareness.

Suggested answer: C
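The previous two questions make the same point from two sides: the firewall's logs are the record an investigation depends on, and nobody sees what is in them unless they are monitored. The following added example (not from the ExamGecko page) is the kind of monitoring check that would have surfaced the scenario described above. It parses constructed iptables-style log lines (the `IPT-ACCEPT`/`IPT-DROP` prefixes, interface names, addresses and the approved-port list are all assumptions made for the example) and raises an alert when an inbound connection is accepted on a port that is not an approved exposed service, or when a source that was refused on several ports then gets a connection accepted.

```python
"""Firewall log monitoring over constructed iptables-style lines (added example).

Log format, prefixes, addresses and the approved-port list are assumptions
for illustration, not taken from the page or from any vendor's format.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed sample log: a scan from 203.0.113.45 followed by an accepted
# connection to TCP/3389, which is not an approved inbound service.
SAMPLE_LOG = """\
Mar 12 03:14:01 fw kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=22
Mar 12 03:14:02 fw kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=445
Mar 12 03:14:03 fw kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=8080
Mar 12 03:14:05 fw kernel: IPT-ACCEPT IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=3389
Mar 12 03:15:10 fw kernel: IPT-ACCEPT IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=443
Mar 12 03:15:11 fw kernel: IPT-ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.7 PROTO=TCP SPT=51001 DPT=443
"""

# Inbound services the organisation has deliberately exposed (assumption).
APPROVED_INBOUND = {("TCP", 443), ("TCP", 80)}
EXTERNAL_IFACE = "eth0"      # interface facing the internet (assumption)
PROBE_THRESHOLD = 3          # distinct refused ports before a later accept is suspicious

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\skernel:\s(?P<verdict>IPT-(?:ACCEPT|DROP))\s"
    r"IN=(?P<in>\S*)\sOUT=(?P<out>\S*)\sSRC=(?P<src>\S+)\sDST=(?P<dst>\S+)\s"
    r"PROTO=(?P<proto>\S+)\sSPT=(?P<spt>\d+)\sDPT=(?P<dpt>\d+)$"
)


def parse(line: str) -> Optional[dict]:
    """Turn one log line into a dict of fields; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["dpt"] = int(ev["dpt"])
    ev["accepted"] = ev["verdict"] == "IPT-ACCEPT"
    return ev


def analyze(log_text: str) -> List[str]:
    """Return human-readable alerts for suspicious inbound events in the log."""
    alerts: List[str] = []
    refused_ports: Dict[str, Set[int]] = defaultdict(set)  # src -> ports it was dropped on
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        # Only traffic arriving on the external interface for this host is inbound.
        inbound = ev["in"] == EXTERNAL_IFACE and ev["out"] == ""
        if not inbound:
            continue
        if not ev["accepted"]:
            refused_ports[ev["src"]].add(ev["dpt"])
            continue
        service = (ev["proto"], ev["dpt"])
        if service not in APPROVED_INBOUND:
            alerts.append(
                f"{ev['ts']} unapproved inbound {ev['proto']}/{ev['dpt']} "
                f"accepted from {ev['src']}"
            )
        if len(refused_ports[ev["src"]]) >= PROBE_THRESHOLD:
            alerts.append(
                f"{ev['ts']} {ev['src']} was refused on ports "
                f"{sorted(refused_ports[ev['src']])} and then got "
                f"{ev['proto']}/{ev['dpt']} accepted"
            )
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the accepted connection to TCP/3389 produces two alerts (unapproved service, and a scan followed by a success), while the accepted HTTPS connection and the outbound connection from the internal host produce none. The same logic applied at the time of installation, rather than months later, is what answer C describes.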
Total 793 questions