Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CISM

ISACA CISM Exam Practice Questions (P. 4)

  • Full Access (1250 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
  1. A
    Decision on the classification of cloud-hosted data
  2. B
    Expertise of personnel providing incident response
  3. C
    Implementation of a SIEM in the organization
  4. D
    An agreement on the definition of a security incident

Correct Answer:
D

Question #32
Which of the following is the BEST way for an organization to determine the maturity level of its information security program?
  1. A
    Review the results of information security awareness testing.
  2. B
    Validate the effectiveness of implemented security controls.
  3. C
    Benchmark the information security policy against industry standards.
  4. D
    Track the trending of information security incidents.

Correct Answer:
B

Question #33
An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?
  1. A
    Increase the frequency of log monitoring and analysis.
  2. B
    Implement a security information and event management system (SIEM).
  3. C
    Increase the sensitivity of intrusion detection systems.
  4. D
    Implement multi-factor authentication.

Correct Answer:
D

Question #34
When supporting an organization's privacy officer which of the following is the information security manager's PRIMARY role regarding privacy requirements?
  1. A
    Ensuring appropriate controls are in place
  2. B
    Monitoring the transfer of private data
  3. C
    Determining data classification
  4. D
    Conducting privacy awareness programs

Correct Answer:
A

Question #35
The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?
  1. A
    The strategy does not include a cost-benefit analysis.
  2. B
    There was a lack of engagement with the business during development.
  3. C
    The strategy does not comply with security standards.
  4. D
    The CISO reports to the CIO.

Correct Answer:
B

Question #36
An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?
  1. A
    The committee consists of too many senior executives.
  2. B
    The committee lacks sufficient business representation.
  3. C
    There is a conflict of interest between the business and IT.
  4. D
    The CIO is not taking charge of the committee.

Correct Answer:
B

Question #37
What is the PRIMARY purpose of an unannounced disaster recovery exercise?
  1. A
    To provide metrics to senior management
  2. B
    To evaluate how personnel react to the situation
  3. C
    To assess service level agreements (SLAs)
  4. D
    To estimate the recovery time objective (RTO)

Correct Answer:
B

Question #38
Labeling information according to its security classification:
  1. A
    reduces the need to identify baseline controls for each classification.
  2. B
    reduces the number and type of countermeasures required.
  3. C
    enhances the likelihood of people handling information securely.
  4. D
    affects the consequences if information is handled insecurely.

Correct Answer:
C

Question #39
Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?
  1. A
    Ensure resources meet information security program needs
  2. B
    Audit the information security program to identify deficiencies
  3. C
    Identify gaps impacting information security strategy
  4. D
    Develop key performance indicators (KPIs) of information security

Correct Answer:
D

Question #40
When drafting the corporate privacy statement for a public web site, which of the following MUST be included?
  1. A
    Limited liability clause
  2. B
    Access control requirements
  3. C
    Explanation of information usage
  4. D
    Information encryption requirements

Correct Answer:
C

Previous Questions Next Questions

All Pages