Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 3 out of 17 pages
Viewing questions 41-60 out of questions
Questions # 41:

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Options:

A.

Projected Increase in maturity level


B.

Estimated reduction in risk


C.

Projected costs over time


D.

Estimated increase in efficiency


Expert Solution
Questions # 42:

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Options:

A.

Ensure security is involved in the procurement process.


B.

Review the third-party contract with the organization ' s legal department.


C.

Conduct an information security audit on the third-party vendor.


D.

Communicate security policy with the third-party vendor.


Expert Solution
Questions # 43:

A serious vulnerability was detected in a business application that can be exploited by external attackers to compromise the system. What is the information security manager’s BEST course of action?

Options:

A.

Ask the business application owner to apply the fix immediately


B.

Implement temporary remediation


C.

Immediately shut down the application


D.

Report the risk to the business application owner


Expert Solution
Questions # 44:

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Options:

A.

The vendor ' s proposal allows for contract modification during technology refresh cycles.


B.

The vendor ' s proposal aligns with the objectives of the organization.


C.

The vendor ' s proposal requires the provider to have a business continuity plan (BCP).


D.

The vendor ' s proposal allows for escrow in the event the third party goes out of business.


Expert Solution
Questions # 45:

Which of the following is the PRIMARY role of an information security manager in a software development project?

Options:

A.

To enhance awareness for secure software design


B.

To assess and approve the security application architecture


C.

To identify noncompliance in the early design stage


D.

To identify software security weaknesses


Expert Solution
Questions # 46:

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Options:

A.

Incorporate policy statements derived from third-party standards and benchmarks.


B.

Adhere to a unique corporate privacy and security standard


C.

Establish baseline standards for all locations and add supplemental standards as required


D.

Require that all locations comply with a generally accepted set of industry


Expert Solution
Questions # 47:

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager ' s FIRST response?

Options:

A.

Notify the regulatory agency of the incident.


B.

Implement mitigating controls.


C.

Evaluate the impact to the business.


D.

Examine firewall logs to identify the attacker.


Expert Solution
Questions # 48:

Which of the following should an information security manager do FIRST when there is a conflict between the organization ' s information security policy and a local regulation?

Options:

A.

Enforce the local regulation.


B.

Obtain legal guidance.


C.

Enforce the organization ' s information security policy.


D.

Obtain an independent assessment of the regulation.


Expert Solution
Questions # 49:

Which of the following is the PRIMARY impact of organizational culture on the effectiveness of an information security program?

Options:

A.

The culture shapes behaviors toward information security.


B.

The culture defines responsibilities necessary for program implementation.


C.

The culture helps determine budget for information security controls.


D.

The culture has minimal impact as long as information security controls are adhered to.


Expert Solution
Questions # 50:

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

A.

)the information security officer.


B.

the steering committee.


C.

the board of directors.


D.

the internal audit manager.


Expert Solution
Questions # 51:

Which of the following is the PRIMARY reason to involve stakeholders from various business units when developing an information security policy?

Options:

A.

To reduce the overall cost of policy development


B.

To share responsibility for addressing security breaches


C.

To decrease the workload of the IT department


D.

To gain acceptance of the policy across the organization


Expert Solution
Questions # 52:

Which of the following will BEST facilitate timely and effective incident response?

Options:

A.

Including penetration test results in incident response planning


B.

Assessing the risk of compromised assets


C.

Classifying the severity of an incident


D.

Notifying stakeholders when invoking the incident response plan


Expert Solution
Questions # 53:

When developing security processes for handling credit card data on the business unit ' s information system, the information security manager should FIRST:

Options:

A.

ensure alignment with industry encryption standards.


B.

ensure that systems that handle credit card data are segmented.


C.

review industry best practices for handling secure payments.


D.

review corporate policies regarding credit card information.


Expert Solution
Questions # 54:

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

A.

Improved staff attendance in awareness sessions


B.

Decreased number of phishing emails received


C.

Improved feedback on the anti-phishing campaign


D.

Decreased number of incidents that have occurred


Expert Solution
Questions # 55:

An employee of an organization has reported losing a smartphone that contains sensitive information The BEST step to address this situation is to:

Options:

A.

disable the user ' s access to corporate resources.


B.

terminate the device connectivity.


C.

remotely wipe the device


D.

escalate to the user ' s management


Expert Solution
Questions # 56:

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

Options:

A.

Providing evidence that resources are performing as expected


B.

Verifying security costs do not exceed the budget


C.

Demonstrating risk is managed at the desired level


D.

Confirming the organization complies with security policies


Expert Solution
Questions # 57:

After a ransomware incident an organization ' s systems were restored. Which of the following should be of MOST concern to the information security manager?

Options:

A.

The service level agreement (SLA) was not met.


B.

The recovery time objective (RTO) was not met.


C.

The root cause was not identified.


D.

Notification to stakeholders was delayed.


Expert Solution
Questions # 58:

A business impact analysis (BIA) BEST enables an organization to establish:

Options:

A.

Total cost of ownership (TCO).


B.

Restoration priorities.


C.

Annualized loss expectancy (ALE).


D.

Recovery methods.


Expert Solution
Questions # 59:

An information security manager is concerned with continued security policy violations in a particular business unit despite recent efforts to rectify the situation. What is the BEST course of action?

Options:

A.

Enforce sanctions on the business unit.


B.

Revise the policy to accommodate the business unit.


C.

Report the business unit for policy noncompliance.


D.

Review the business unit’s function against the policy.


Expert Solution
Questions # 60:

Which of the following is MOST important to include in an information security strategy?

Options:

A.

Stakeholder requirements


B.

Risk register


C.

Industry benchmarks


D.

Regulatory requirements


Expert Solution
Viewing page 3 out of 17 pages
Viewing questions 41-60 out of questions