ExamGecko
Isaca CISM Practice Test - Questions Answers, Page 80

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

A. Obtain consensus on the strategy from the executive board.
B. Review alignment with business goals.
C. Define organizational risk tolerance.
D. Develop a project plan to implement the strategy.
Suggested answer: D

Explanation:

After the roadmap for executing the information security strategy has been created, the information security manager should next develop a project plan to implement the strategy (D). The roadmap sets out the sequence of initiatives at a high level; the project plan turns each initiative into something that can actually be executed by defining its scope, objectives, deliverables, milestones, tasks, resources, roles, responsibilities, risks, and dependencies. The plan is what allows the manager to organize, coordinate, monitor, and control the implementation work and to report progress to the project team, stakeholders, and sponsors.

The other options are inputs to strategy development rather than follow-on activities: executive consensus on the strategy (A), alignment with business goals (B), and organizational risk tolerance (C) should all have been established before a roadmap to execute that strategy was drawn up.

Reference: CISM Review Manual 15th Edition, Chapter 3, Section 3.1.2, page 128; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 74, page 19

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

A. Evaluate the results of business continuity testing.
B. Review key performance indicators (KPIs).
C. Evaluate the business impact of incidents.
D. Engage business process owners.
Suggested answer: D

Explanation:

The most effective way to determine whether an information security program is aligned with the business strategy is to engage business process owners (D). Business process owners are the stakeholders responsible for defining, executing, and monitoring the processes that deliver the organization's mission, vision, and goals, so they are the authoritative source on what the business actually needs from security. By engaging them directly, the information security manager learns their requirements, expectations, and constraints and can confirm that the program's objectives and controls support them. Regular engagement also builds trust and communication between the security function and the business units and fosters a culture of security awareness and accountability.

The other options provide indirect or partial evidence. Business continuity test results (A) and the business impact of incidents (C) speak to the effectiveness of specific controls, and KPIs (B) measure how well the program is performing against its own targets; none of them establishes whether those targets were the right ones for the business strategy in the first place.

Reference: CISM Review Manual 15th Edition, Chapter 1, Section 1.2.2, page 20; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 78, page 20

Which of the following is the PRIMARY objective of information asset classification?

A. Vulnerability reduction
B. Compliance management
C. Risk management
D. Threat minimization
Suggested answer: C

Explanation:

The primary objective of information asset classification is risk management (C). Classification assigns labels or categories to information assets according to their value, sensitivity, and criticality to the organization. Those categories drive the risk treatment decisions that follow: they let the organization identify which assets matter most, assess the exposure associated with each, and apply a level of protection and controls proportionate to that exposure, rather than over-protecting low-value data or under-protecting critical data.

Compliance with legal, regulatory, and contractual obligations (B) and a more efficient use of security resources are benefits that follow from classification, but they are not its primary purpose. Vulnerability reduction (A) and threat minimization (D) are outcomes of the controls that classification helps select; classification itself neither removes vulnerabilities nor reduces threats.

Reference: CISM Review Manual 15th Edition, Chapter 2, Section 2.2.1, page 75; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 7, page 3; Certified Information Security Manager Exam Prep Guide, Packt