Home

Home / Isaca / CISM

Question list

List of questions

Question 1

(0)

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security. Which of the following should be given immediate focus?

Question 2

(0)

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question 3

(0)

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question 4

(0)

Which of the following is the MOST important factor of a successful information security program?

Question 5

(0)

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 6

(0)

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question 7

(0)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Question 8

(0)

Which of the following is an example of risk mitigation?

Question 9

(0)

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question 10

(0)

The PRIMARY objective of a post-incident review of an information security incident is to:

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

The PRIMARY goal of a post-incident review should be to:

Question 133 - CISM discussion

Report

Which of the following would BEST ensure that security is integrated during application development?

A.

Employing global security standards during development processes

B.

Providing training on secure development practices to programmers

C.

Performing application security testing during acceptance testing

D.

Introducing security requirements during the initiation phase

Suggested answer: D

Explanation:

Introducing security requirements during the initiation phase would BEST ensure that security is integrated during application development because it would allow the security objectives and controls to be defined and aligned with the business needs and risk appetite before any design or coding is done.This would also facilitate the security by design approach, which is the most effective method to enhance the security of applications and application development activities1.Introducing security requirements early would also enable the collaboration between security professionals and developers, the identification and specification of security architectures, and the integration and testing of security controls throughout the development life cycle2. Employing global security standards during development processes (A) would help to ensure the consistency and quality of security practices, but it would not necessarily ensure that security is integrated during application development. Providing training on secure development practices to programmers (B) would help to raise the awareness and skills of developers, but it would not ensure that security is integrated during application development. Performing application security testing during acceptance testing would help to verify the security of the application before deployment, but it would not ensure that security is integrated during application development.It would also be too late to identify and remediate any security issues that could have been prevented or mitigated earlier in the development process.Reference=1: Five Key Components of an Application Security Program - ISACA1;2: CISM Domain -- Information Security Program Development | Infosec2

Show Answer

asked 01/10/2024

Gianmarco Salvaticchio

26 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first