Pass4itsure has many years of exam experience and a team of professional Isaca exam experts. Isaca CISM test questions are updated throughout the year. The most complete Isaca CISM dumps https://www.pass4itsure.com/cism.html (test questions and answers), the safest buying experience, and the largest free sharing of Isaca CISM exam practice questions and answers. Our goal is to help more people pass the exam.
QUESTION 1 What should be the information security manager's MOST important consideration when planning a disaster recovery test? A. Documented escalation processes B. Organization-wide involvement C. Impact to production systems D. Stakeholder notification procedures Correct Answer: C
QUESTION 2 An organization's marketing department wants to use an online collaboration service which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by: A. the information security manager B. business senior management C. the chief risk officer D. the compliance officer. Correct Answer: B Risk is owned by the business, so the decision to accept a risk that exceeds policy must be made by senior management of the business unit that will bear the consequences. The information security manager, the chief risk officer and the compliance officer advise on and document the risk; they do not own it.
QUESTION 3 A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately? A. Add mitigating controls. B. Take the server off-line and install the patch. C. Check the server's security and install the patch. D. Conduct an impact analysis. Correct Answer: D
QUESTION 4 Which of the following BEST supports the alignment of information security with business functions? A. Creation of a security steering committee B. IT management support of security assessments C. Business management participation in security penetration tests D. A focus on technology security risk within business processes Correct Answer: A
QUESTION 5 Which of the following is the MAIN benefit of performing an assessment of existing incident response processes? A. Identification of threats and vulnerabilities B. Prioritization of action plans C. Validation of current capabilities D. Benchmarking against industry peers Correct Answer: C
QUESTION 6 Which of the following is the BEST method to protect consumer private information for an online public website? A. Encrypt consumer's data in transit and at rest. B. Apply a masking policy to the consumer data. C. Use secure encrypted transport layer. D. Apply strong authentication to online accounts. Correct Answer: A
QUESTION 7 Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework? A. Integrating security requirements with processes B. Performing security assessments and gap analysis C. Conducting a business impact analysis (BIA) D. Conducting information security awareness training Correct Answer: A Building the security requirements into the business processes themselves makes compliance part of normal operation. Assessments, gap analysis and awareness training detect or discourage non-compliance after the fact, and a BIA identifies critical processes but does not enforce anything.
QUESTION 8 The PRIMARY reason for establishing a data classification scheme is to identify: A. data ownership. B. data-retention strategy. C. appropriate controls. D. recovery priorities. Correct Answer: C
QUESTION 9 When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint? A. Compliance with international security standards. B. Use of a two-factor authentication system. C. Existence of an alternate hot site in case of business disruption. D. Compliance with the organization's information security requirements. Correct Answer: D From a security standpoint, compliance with the organization's information security requirements is one of the most important topics that should be included in the contract with a third-party service provider. The scope of implemented controls in any ISO 27001-compliant organization depends on the security requirements established by that organization, so requiring compliance only with the standard does not guarantee that a service provider complies with the customer organization's security requirements. The requirement to use a specific kind of control, such as two-factor authentication or a hot site, is not usually stated in the contract with third-party service providers.
QUESTION 10 Which of the following should be the PRIMARY consideration when developing a security governance framework for an enterprise? A. Understanding of the current business strategy B. Assessment of the current security architecture C. Results of a business impact analysis (BIA) D. Benchmarking against industry best practice Correct Answer: A
QUESTION 11 Which of the following BEST reduces the likelihood of leakage of private information via email? A. Email encryption B. User awareness training C. Strong user authentication protocols D. Prohibition on the personal use of email Correct Answer: B Most email leakage is caused by users sending private information to the wrong recipient or to an unauthorized one, which encryption and authentication do not prevent. A prohibition on personal use does not address leakage through business email. Awareness training reduces the likelihood of the user error itself.
QUESTION 12 When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies? A. Create separate policies to address each regulation B. Develop policies that meet all mandated requirements C. Incorporate policy statements provided by regulators D. Develop a compliance risk assessment Correct Answer: B It is much more efficient to craft all relevant requirements into one set of policies than to create separate versions for each regulation. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool to verify that procedures ensure compliance once the policies have been established.
QUESTION 13 Which of the following is MOST important when prioritizing an information security incident? A. Organizational risk tolerance B. Cost to contain and remediate the incident C. Criticality of affected resources D. Short-term impact to shareholder value Correct Answer: C
Free real Isaca CISM exam preparation materials: Isaca CISM practice exam and Isaca CISM pdf dumps. Use them correctly and you will not fail. Get the full Isaca CISM dumps at https://www.pass4itsure.com/cism.html (Q&As: 1591).