Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 4 out of 17 pages
Viewing questions 61-80 out of questions
Questions # 61:

How would the information security program BEST support the adoption of emerging technologies?

Options:

A.

Conducting a control assessment


B.

Developing an emerging technology roadmap


C.

Providing effective risk governance


D.

Developing an acceptable use policy


Expert Solution
Questions # 62:

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Options:

A.

Impact on information security program


B.

Cost of controls


C.

Impact to business function


D.

Cost to replace


Expert Solution
Questions # 63:

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:

A.

a process for identifying and analyzing threats and vulnerabilities.


B.

an annual loss expectancy (ALE) determined from the history of security events,


C.

the reporting of consistent and periodic assessments of risks.


D.

the formalized acceptance of risk analysis by management,


Expert Solution
Questions # 64:

Which of the following should be an information security manager ' s FIRST course of action when a potential business breach is discovered in a critical business system?

Options:

A.

Implement mitigating actions immediately.


B.

Invoke the incident response plan.


C.

Inform senior management of the breach.


D.

Validate the breach.


Expert Solution
Questions # 65:

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

Options:

A.

The information security manager


B.

The service provider that hosts the data


C.

The incident response team


D.

The business data owner


Expert Solution
Questions # 66:

The manager of a key project has bypassed the standard contractor onboarding process to acquire additional resources for delivering the project on time. Contracts were executed offline, and contractors were provided organizational access without going through the standard due diligence process. Which of the following should be the PRIMARY concern?

Options:

A.

The contractors may inappropriately outsource the business functions to fourth-party suppliers


B.

There are insufficient contractual requirements in place to govern third-party arrangements


C.

The project may be delayed further if the incident is reported


D.

The contractors may not operate in line with industry benchmarks


Expert Solution
Questions # 67:

Which of the following is the FIRST step in developing a business continuity plan (BCP)?

Options:

A.

Determine the business recovery strategy


B.

Determine available resources.


C.

Identify the applications with the shortest recovery time objectives (RTOs).


D.

Identify critical business processes.


Expert Solution
Questions # 68:

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Options:

A.

Developing an information security policy based on risk assessments


B.

Establishing an information security steering committee


C.

Documenting the information security governance framework


D.

Implementing an information security awareness program


Expert Solution
Questions # 69:

Which of the following is MOST appropriate to communicate to senior management regarding information risk?

Options:

A.

Emerging security technologies


B.

Risk profile changes


C.

Defined risk appetite


D.

Vulnerability scanning progress


Expert Solution
Questions # 70:

When collecting admissible evidence, which of the following is the MOST important requirement?

Options:

A.

Need to know


B.

Preserving audit logs


C.

Due diligence


D.

Chain of custody


Expert Solution
Questions # 71:

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization ' s CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

Options:

A.

Temporarily suspend wire transfers for the organization.


B.

Provide awareness training to the CEO for this type of phishing attack.


C.

Provide awareness training to staff responsible for wire transfers.


D.

Disable emails for staff responsible for wire transfers.


Expert Solution
Questions # 72:

Which of the following should have the MOST influence on an organization ' s response to a new industry regulation?

Options:

A.

The organization ' s control objectives


B.

The organization ' s risk management framework


C.

The organization ' s risk appetite


D.

The organization ' s risk control baselines


Expert Solution
Questions # 73:

An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?

Options:

A.

Scan the entire application using a vulnerability scanning tool.


B.

Run the application from a high-privileged account on a test system.


C.

Perform security code reviews on the entire application.


D.

Monitor Internet traffic for sensitive information leakage.


Expert Solution
Questions # 74:

For which of the following is it MOST important that system administrators be restricted to read-only access?

Options:

A.

User access log files


B.

Administrator user profiles


C.

Administrator log files


D.

System logging options


Expert Solution
Questions # 75:

Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?

Options:

A.

To validate the incident


B.

To review network configurations


C.

To validate the payload signature


D.

To devise the incident response strategy


Expert Solution
Questions # 76:

Which of the following should be the PRIMARY basis for the development of a business case to obtain support for an information security project?

Options:

A.

Budgetary requirements


B.

Feasibility study


C.

Enterprise architecture (EA)


D.

Risk tolerance levels


Expert Solution
Questions # 77:

An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?

Options:

A.

Conduct a risk assessment.


B.

Communicate the changes to stakeholders.


C.

Update the organization ' s risk register.


D.

Develop a policy exception process.


Expert Solution
Questions # 78:

An organization would like to invest in a new emerging technology. Which of the following is MOST important for the information security manager to consider when evaluating its impact?

Options:

A.

Secure configuration


B.

Vulnerabilities in the technology


C.

Systems compatibility


D.

Industry peer reviews of the technology


Expert Solution
Questions # 79:

An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager ' s BEST course of action?

Options:

A.

Report the findings to senior management with recommendations.


B.

Implement a phishing reporting tool in the email system.


C.

Include regular phishing campaigns after each training session.


D.

Make the training program mandatory for all employees.


Expert Solution
Questions # 80:

Which of the following BEST helps to ensure risk appetite is considered during the risk treatment process?

Options:

A.

Formalized risk management framework


B.

Organization-wide risk awareness and training programs


C.

Use of a quantitative risk measurement approach


D.

Automated monitoring of key risk indicators (KRIs)


Expert Solution
Viewing page 4 out of 17 pages
Viewing questions 61-80 out of questions