ExamGecko

Isaca CISM Practice Test - Questions Answers, Page 77

Once a suite of security controls has been successfully implemented for an organization's business units, it is MOST important for the information security manager to:

A. hand over the controls to the relevant business owners.
B. ensure the controls are regularly tested for ongoing effectiveness.
C. perform testing to compare control performance against industry levels.
D. prepare to adapt the controls for future system upgrades.

Suggested answer: B

Which of the following should be updated FIRST to account for new regulatory requirements that impact current information security controls?

A. Control matrix
B. Business impact analysis (BIA)
C. Risk register
D. Information security policy

Suggested answer: D

Which of the following is MOST helpful in the development of a cost-effective information security strategy that is aligned with business requirements?

A. Enforcing data retention
B. Developing policy standards
C. Benchmarking against industry peers
D. Categorizing information assets

Suggested answer: C

An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?

A. IT strategy
B. Security architecture
C. Business case
D. Risk assessment

Suggested answer: C

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

A. It identifies appropriate follow-up work to address shortcomings in the plan.
B. It allows for greater participation and planning from the business side.
C. It helps in assessing the availability of compatible backup hardware.
D. It provides a low-cost method of assessing the BCP's completeness.

Suggested answer: A

Which of the following is MOST helpful in determining whether a phishing email is malicious?

A. Security awareness training
B. Reverse engineering
C. Threat intelligence
D. Sandboxing

Suggested answer: D

Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

A. Implement a mobile device policy and standard.
B. Provide employee training on secure mobile device practices.
C. Implement a mobile device management (MDM) solution.
D. Require employees to install an effective anti-malware app.

Suggested answer: B

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

A. Evaluate the security posture of the organization.
B. Identify unmitigated risk.
C. Prevent incident recurrence.
D. Support business investments in security.

Suggested answer: C

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application's security compliance?

A. During user acceptance testing (UAT)
B. During the design phase
C. During static code analysis
D. During regulatory review

Suggested answer: B

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

A. Feedback from affected departments
B. Historical data from past incidents
C. Technical capabilities of the team
D. Procedures for incident triage

Suggested answer: D
Total 793 questions