
Isaca CISM Practice Test - Questions Answers, Page 75

Which of the following should be the PRIMARY goal of information security?

A.
Information management
B.
Regulatory compliance
C.
Data governance
D.
Business alignment
Suggested answer: D

An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?

A.
Identified vulnerabilities are not published and communicated in awareness programs.
B.
Identified vulnerabilities are not logged and resolved in a timely manner.
C.
The number of vulnerabilities identified exceeds industry benchmarks.
D.
Vulnerabilities are identified by internal staff rather than by external consultants.
Suggested answer: B

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

A.
analysis of current threat landscape.
B.
historical data of reported incidents.
C.
projected return on investment (ROI).
D.
industry benchmarking gap analysis.
Suggested answer: C

Which of the following is a PRIMARY function of an incident response team?

A.
To provide effective incident mitigation
B.
To provide a risk assessment for zero-day vulnerabilities
C.
To provide a single point of contact for critical incidents
D.
To provide a business impact analysis (BIA)
Suggested answer: A

The PRIMARY goal of a post-incident review should be to:

A.
establish the cost of the incident to the business.
B.
determine why the incident occurred.
C.
identify policy changes to prevent a recurrence.
D.
determine how to improve the incident handling process.
Suggested answer: D

Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (IaaS) model hosted in a foreign country?

A.
Labeling of data may help to ensure data is assigned to the correct cloud type.
B.
Laws and regulations of the origin country may not be applicable.
C.
There may be liabilities and penalties in the event of a security breach.
D.
Data may be stored in unknown locations and may not be easily retrievable.
Suggested answer: B

When remote access is granted to a company's internal network, the MOST important consideration should be that access is provided:

A.
on a need-to-know basis subject to controls.
B.
subject to legal and regulatory requirements.
C.
by the use of a remote access server.
D.
if a robust IT infrastructure exists.
Suggested answer: A

Which of the following is MOST important to the effectiveness of an information security steering committee?

A.
The committee has strong regulatory knowledge.
B.
The committee is comprised of representatives from senior management.
C.
The committee has cross-organizational representation.
D.
The committee uses a risk management framework.
Suggested answer: C

The PRIMARY purpose of conducting a business impact analysis (BIA) is to determine the:

A.
scope of the business continuity program.
B.
resources needed for business recovery.
C.
recovery time objective (RTO).
D.
scope of the incident response plan.
Suggested answer: B

After updating password standards, an information security manager is alerted by various application administrators that the applications they support are incapable of enforcing these standards. The information security manager's FIRST course of action should be to:

A.
determine the potential impact.
B.
reevaluate the standards.
C.
implement compensating controls.
D.
evaluate the cost of replacing the applications.
Suggested answer: A