Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 1 out of 17 pages
Viewing questions 1-20 out of questions
Questions # 1:

An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?

Options:

A.

Establishing the authority to remote wipe


B.

Developing security awareness training


C.

Requiring the backup of the organization ' s data by the user


D.

Monitoring how often the smartphone is used


Expert Solution
Questions # 2:

Who should be responsible for determining the level of data classification required for an application related to a new line of business?

Options:

A.

Data analyst


B.

Information security officer (ISO)


C.

Data custodian


D.

Data owners


Expert Solution
Questions # 3:

Which of the following control types should be considered FIRST for aligning employee behavior with an organization ' s information security objectives?

Options:

A.

Administrative security controls


B.

Technical security controls


C.

Physical security controls


D.

Access security controls


Expert Solution
Questions # 4:

For an enterprise implementing a bring your own device program, which of the following would provide the BEST security for corporate data residing on unsecured mobile devices?

Options:

A.

Acceptable use policy


B.

Containerization solution


C.

Data loss prevention


D.

Device certification process


Expert Solution
Questions # 5:

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager ' s BEST course of action?

Options:

A.

Instruct the vendor to conduct penetration testing.


B.

Suspend the connection to the application in the firewall


C.

Report the situation to the business owner of the application.


D.

Initiate the organization ' s incident response process.


Expert Solution
Questions # 6:

Which of the following would BEST ensure that security is integrated during application development?

Options:

A.

Employing global security standards during development processes


B.

Providing training on secure development practices to programmers


C.

Performing application security testing during acceptance testing


D.

Introducing security requirements during the initiation phase


Expert Solution
Questions # 7:

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Options:

A.

Current resourcing levels


B.

Availability of potential resources


C.

Information security strategy


D.

Information security incidents


Expert Solution
Questions # 8:

Which of the following is the MOST common cause of cybersecurity breaches?

Options:

A.

Lack of adequate password rotation


B.

Human error


C.

Abuse of privileged accounts


D.

Lack of control baselines


Expert Solution
Questions # 9:

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:

A.

Assigning restoration priority during incidents


B.

Determining total cost of ownership (TCO)


C.

Evaluating vendors critical to business recovery


D.

Calculating residual risk after the incident recovery phase


Expert Solution
Questions # 10:

Which of the following is MOST effective in monitoring an organization ' s existing risk?

Options:

A.

Periodic updates to risk register


B.

Risk management dashboards


C.

Security information and event management (SIEM) systems


D.

Vulnerability assessment results


Expert Solution
Questions # 11:

Which of the following should be done NEXT following senior management ' s decision to comply with new personal data regulations that are much more stringent than those currently followed to avoid massive fines?

Options:

A.

Encrypt data in transit and at rest.


B.

Complete a return on investment (ROI) analysis.


C.

Create and implement a data minimization plan.


D.

Conduct a gap analysis.


Expert Solution
Questions # 12:

Penetration testing is MOST appropriate when a:

Options:

A.

new system is about to go live.


B.

new system is being designed.


C.

security policy is being developed.


D.

security incident has occurred,


Expert Solution
Questions # 13:

Of the following, who is accountable for ensuring the incident response plan is tested?

Options:

A.

Business process owner


B.

Business continuity manager


C.

Incident response team members


D.

Information security manager


Expert Solution
Questions # 14:

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Options:

A.

Security risk analysis


B.

Gap assessment


C.

Maturity assessment


D.

Vulnerability scan report


Expert Solution
Questions # 15:

Which of the following is the MOST essential element of an information security program?

Options:

A.

Benchmarking the program with global standards for relevance


B.

Prioritizing program deliverables based on available resources


C.

Involving functional managers in program development


D.

Applying project management practices used by the business


Expert Solution
Questions # 16:

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Options:

A.

Establish performance metrics for the team


B.

Perform a post-incident review


C.

Implement a SIEM solution


D.

Perform a threat analysis


Expert Solution
Questions # 17:

The PRIMARY reason to properly classify information assets is to determine:

Options:

A.

appropriate encryption strength using a risk-based approach.


B.

the business impact if assets are compromised.


C.

the appropriate protection based on sensitivity.


D.

user access levels based on the need to know.


Expert Solution
Questions # 18:

The GREATEST benefit of an effective information security awareness program is the organization’s ability to:

Options:

A.

Meet compliance requirements


B.

Reduce security incidents


C.

Establish accountability


D.

Develop meaningful metrics


Expert Solution
Questions # 19:

Which of the following is an information security manager ' s BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Options:

A.

Increase the frequency of system backups.


B.

Review the mitigating security controls.


C.

Notify staff members of the threat.


D.

Assess the risk to the organization.


Expert Solution
Questions # 20:

Which of the following is the BEST approach for data owners to use when defining access privileges for users?

Define access privileges based on user roles.

Adopt user account settings recommended by the vendor.

Perform a risk assessment of the users ' access privileges.

Options:

A.

Implement an identity and access management (IDM) tool.


Expert Solution
Viewing page 1 out of 17 pages
Viewing questions 1-20 out of questions