Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CISM

ISACA CISM Exam Practice Questions (P. 3)

  • Full Access (1250 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be
MOST helpful in determining the associated level of risk applied to each vendor?
  1. A
    Compliance requirements associated with the regulation
  2. B
    Criticality of the service to the organization
  3. C
    Corresponding breaches associated with each vendor
  4. D
    Compensating controls in place to protect information security

Correct Answer:
B

Question #22
Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?
  1. A
    Security audit reports
  2. B
    Recovery time objective (RTO)
  3. C
    Technological capabilities
  4. D
    Escalation processes

Correct Answer:
D

Question #23
Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?
  1. A
    Executive leadership becomes involved in decisions about information security governance.
  2. B
    Executive leadership views information security governance primarily as a concern of the information security management team
  3. C
    Information security staff has little or no experience with the practice of information security governance.
  4. D
    Information security management does not fully accept the responsibility for information security governance.

Correct Answer:
B

Question #24
Risk scenarios simplify the risk assessment process by:
  1. A
    covering the full range of possible risk.
  2. B
    ensuring business risk is mitigated.
  3. C
    reducing the need for subsequent risk evaluation.
  4. D
    focusing on important and relevant risk.

Correct Answer:
D

Question #25
Which of the following is the MOST important consideration when developing information security objectives?
  1. A
    They are regularly reassessed and reported to stakeholders
  2. B
    They are approved by the IT governance function
  3. C
    They are clear and can be understood by stakeholders
  4. D
    They are identified using global security frameworks and standards

Correct Answer:
C

Question #26
A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?
  1. A
    Assess the business impact to the organization.
  2. B
    Present the noncompliance risk to senior management.
  3. C
    Investigate alternative options to remediate the noncompliance.
  4. D
    Determine the cost to remediate the noncompliance.

Correct Answer:
A

Question #27
Which of the following BEST enables effective information security governance?
  1. A
    Security-aware corporate culture
  2. B
    Advanced security technologies
  3. C
    Periodic vulnerability assessments
  4. D
    Established information security metrics

Correct Answer:
A

Question #28
Application data integrity risk is MOST directly addressed by a design that includes.
  1. A
    strict application of an authorized data dictionary.
  2. B
    reconciliation routines such as checksums, hash totals, and record counts.
  3. C
    application log requirements such as field-level audit trails and user activity logs.
  4. D
    access control technologies such as role-based entitlements.

Correct Answer:
B

Question #29
Deciding the level of protection a particular asset should be given is BEST determined by:
  1. A
    the corporate risk appetite.
  2. B
    a risk analysis.
  3. C
    a threat assessment.
  4. D
    a vulnerability assessment.

Correct Answer:
B

Question #30
What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
  1. A
    Calculate the total cost of ownership (TCO).
  2. B
    Define the issues to be addressed.
  3. C
    Perform a cost-benefit analysis.
  4. D
    Conduct a feasibility study.

Correct Answer:
C

Previous Questions Next Questions

All Pages