Isaca CISM Practice Test - Questions Answers, Page 72

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

A. Perform a full data backup.
B. Conduct ransomware awareness training for all staff.
C. Update indicators of compromise in the security systems.
D. Review the current risk assessment.
Suggested answer: D

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

A. An increase in the number of identified security incidents
B. A decrease in the number of security audit findings
C. A decrease in the number of security policy exceptions
D. An increase in the number of compliant business processes
Suggested answer: D

An organization has suffered from a large-scale security event impacting a critical system. Following the decision to restore the system at an alternate location, which plan should be invoked?

A. Disaster recovery plan (DRP)
B. Incident response plan
C. Business continuity plan (BCP)
D. Communications plan
Suggested answer: C

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

A. Assessing how peer organizations using the same technologies have been impacted
B. Understanding the impact on existing resources
C. Reviewing vendor contracts and service level agreements (SLAs)
D. Developing training for end users to familiarize them with the new technology
Suggested answer: B

An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

A. Information security threat profile
B. Information security policy
C. Information security objectives
D. Information security strategy
Suggested answer: D

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

A. Accept the risk, as the benefits exceed the potential consequences.
B. Mitigate the risk by applying anonymization on the data set.
C. Transfer the risk by purchasing insurance.
D. Mitigate the risk by encrypting the customer names in the data set.
Suggested answer: B
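Why B beats D in practice: encrypting (or tokenizing) only the name still leaves one record per customer, carrying the same zip code, birth year and purchase history, so anyone holding the key or a second data set to join on can single people out. Anonymization removes the direct identifier, generalizes the quasi-identifiers and suppresses records that would still be unique. The script below is an added illustration, not code from this page or from ISACA; the customer records are constructed sample data, and the field names, age and spend bands, and the k threshold are illustrative assumptions.

```python
"""
Anonymization versus encrypting names, for a customer data set that is about
to be handed to a research team for machine learning.

Added example, not code from the ExamGecko page or from ISACA. The customer
records are constructed sample data; the field names, the age/spend bands and
the k threshold are illustrative assumptions.
"""
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records (not real people). "zip" and "birth_year" are
# quasi-identifiers: not names, but together they can single out a person.
CUSTOMERS = [
    {"name": "Alice Example", "zip": "94107", "birth_year": 1985,
     "purchases": [("2024-03-02", 19.99), ("2024-03-20", 250.00)]},
    {"name": "Bob Sample", "zip": "94105", "birth_year": 1990,
     "purchases": [("2024-01-11", 12.50)]},
    {"name": "Carol Demo", "zip": "94110", "birth_year": 1982,
     "purchases": [("2024-02-08", 640.00), ("2024-02-09", 15.00)]},
    {"name": "Dan Placeholder", "zip": "94103", "birth_year": 1994,
     "purchases": [("2024-04-01", 99.00)]},
    {"name": "Erin Fixture", "zip": "10001", "birth_year": 1975,
     "purchases": [("2024-03-15", 310.00), ("2024-03-16", 22.00)]},
    {"name": "Frank Stub", "zip": "10003", "birth_year": 1978,
     "purchases": [("2024-05-05", 45.00)]},
    {"name": "Grace Lone", "zip": "10014", "birth_year": 1991,
     "purchases": [("2024-05-06", 1200.00)]},
]

QUASI_FIELDS = ("zip3", "age_band")


def pseudonymize(records, key):
    """Stand-in for option D: the name is replaced by a keyed token (HMAC here
    rather than a reversible cipher, to avoid a crypto dependency). The token
    is still unique per customer and the quasi-identifiers are untouched, so
    anyone with the key, or with a second data set to join on, can re-identify
    people. The result is pseudonymous personal data, not anonymous data."""
    out = []
    for r in records:
        token = hmac.new(key, r["name"].encode("utf-8"), hashlib.sha256).hexdigest()[:16]
        out.append({"customer_token": token, "zip": r["zip"],
                    "birth_year": r["birth_year"], "purchases": list(r["purchases"])})
    return out


def age_band(birth_year):
    """Generalize a birth year to its decade, e.g. 1985 -> '1980s'."""
    return f"{birth_year // 10 * 10}s"


def spend_band(total):
    """Generalize total spend into a coarse band (thresholds are assumptions)."""
    if total < 50:
        return "low"
    if total < 500:
        return "mid"
    return "high"


def anonymize(records, k=2):
    """Option B: drop the direct identifier entirely, generalize the
    quasi-identifiers, and suppress any record whose quasi-identifier
    combination is shared by fewer than k records (k-anonymity)."""
    rows = []
    for r in records:
        total = sum(amount for _, amount in r["purchases"])
        rows.append({"zip3": r["zip"][:3],
                     "age_band": age_band(r["birth_year"]),
                     "purchase_count": len(r["purchases"]),
                     "spend_band": spend_band(total)})
    group_sizes = Counter(tuple(row[f] for f in QUASI_FIELDS) for row in rows)
    return [row for row in rows
            if group_sizes[tuple(row[f] for f in QUASI_FIELDS)] >= k]


def min_group_size(rows, fields):
    """Smallest number of rows sharing one combination of the given fields.
    A value of 1 means at least one person is singled out."""
    counts = Counter(tuple(row[f] for f in fields) for row in rows)
    return min(counts.values()) if counts else 0


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    pseudo = pseudonymize(CUSTOMERS, key)
    anon = anonymize(CUSTOMERS, k=2)
    print("pseudonymized: smallest (zip, birth_year) group =",
          min_group_size(pseudo, ("zip", "birth_year")))
    print("anonymized: smallest (zip3, age_band) group =",
          min_group_size(anon, QUASI_FIELDS), "rows kept:", len(anon))
```

On the sample data the pseudonymized set still has a group size of 1 for every (zip, birth_year) pair, so each customer remains individually identifiable; the anonymized set keeps six of the seven records at k=2 and drops the one record whose (zip3, age_band) combination is unique. The trade-off is visible too: the research team loses exact purchase dates and amounts, which is the price of the risk reduction.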

The PRIMARY purpose of implementing information security governance metrics is to:

A. measure alignment with best practices.
B. assess operational and program metrics.
C. guide security towards the desired state.
D. refine control operations.
Suggested answer: C

Which of the following is the MOST effective way to detect information security incidents?

A. Implementation of regular security awareness programs
B. Periodic analysis of security event log records
C. Threshold settings on key risk indicators (KRIs)
D. Real-time monitoring of network activity
Suggested answer: D

Which of the following is MOST important to include in an information security policy?

A. Best practices
B. Management objectives
C. Baselines
D. Maturity levels
Suggested answer: B

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

A. the integrity of evidence is preserved.
B. forensic investigation software is loaded on the server.
C. the incident is reported to senior management.
D. the server is unplugged from power.
Suggested answer: A
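Preserving evidence integrity is a concrete procedure, not only a principle: hash each collected item before anyone touches it, record who collected it and when, seal the record, and re-verify before analysis or court use. Options B and D are wrong precisely because they alter the evidence (installing software writes to the disk; pulling power destroys volatile state). The script below is an added illustration, not code from this page or from ISACA; the "evidence" files are constructed in a temporary directory, and the manifest layout and custodian field are illustrative assumptions.

```python
"""
Preserving evidence integrity after intrusions are detected on a server.

Added example, not code from the ExamGecko page or from ISACA. The evidence
files are constructed in a temporary directory; the manifest layout and the
custodian field are illustrative assumptions.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _items_digest(items):
    """Hash of the canonical manifest contents, used to seal the manifest."""
    return hashlib.sha256(json.dumps(items, sort_keys=True).encode("utf-8")).hexdigest()


def build_manifest(paths, custodian):
    """Record hash, size, collection time and custodian for each item before
    anyone works on it. The manifest is itself hashed so it can be stored or
    signed separately from the evidence (chain-of-custody record)."""
    items = {}
    for p in sorted(paths):
        items[os.path.basename(p)] = {
            "sha256": sha256_file(p),
            "size": os.path.getsize(p),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "custodian": custodian,
        }
    return {"items": items, "manifest_sha256": _items_digest(items)}


def verify_manifest(manifest, directory):
    """Return the names of items that no longer match the manifest
    (changed content, changed size, or missing file). A manifest whose own
    seal does not match is reported instead of being trusted."""
    items = manifest["items"]
    if _items_digest(items) != manifest["manifest_sha256"]:
        return ["<manifest tampered>"]
    bad = []
    for name, rec in items.items():
        p = os.path.join(directory, name)
        if (not os.path.exists(p) or os.path.getsize(p) != rec["size"]
                or sha256_file(p) != rec["sha256"]):
            bad.append(name)
    return bad


def demo():
    """Collect constructed evidence, seal it, then show that a later edit is
    caught. Returns (mismatches before tampering, mismatches after)."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        # Constructed log lines; 203.0.113.5 is a documentation address.
        for name, body in (("auth.log", b"Failed password for root from 203.0.113.5\n"),
                           ("access.log", b"GET /wp-login.php HTTP/1.1 200\n")):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(body)
            os.chmod(p, 0o444)  # collected copies are kept read-only
            paths.append(p)
        manifest = build_manifest(paths, custodian="analyst-1")
        clean = verify_manifest(manifest, d)
        # Simulate someone "cleaning up" the log after collection.
        os.chmod(paths[0], 0o644)
        with open(paths[0], "ab") as f:
            f.write(b"tampered\n")
        tampered = verify_manifest(manifest, d)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("mismatches before tampering:", before)
    print("mismatches after tampering:", after)
```

The same pattern applies to a full disk image or memory capture: hash the acquired image, keep the original write-blocked, and work only on verified copies. Hashes alone do not prove who handled the evidence, which is why the manifest also carries custodian and timestamp and should be signed or stored out of reach of the system under investigation.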