Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 5 out of 17 pages
Viewing questions 81-100 out of questions
Questions # 81:

Which of the following parties should be responsible for determining access levels to an application that processes client information?

Options:

A.

The business client


B.

The information security tear


C.

The identity and access management team


D.

Business unit management


Expert Solution
Questions # 82:

An incident response policy should include:

Options:

A.

A description of testing methodology.


B.

Notification requirements.


C.

An infrastructure diagram.


D.

Recovery time objectives (RTOs).


Expert Solution
Questions # 83:

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:

A.

Determine whether the organization can benefit from adopting the new standard.


B.

Obtain legal counsel ' s opinion on the standard ' s applicability to regulations,


C.

Perform a risk assessment on the new technology.


D.

Review industry specialists’ analyses of the new standard.


Expert Solution
Questions # 84:

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:

A.

Organizational standards are included in awareness training.


B.

Organizational standards are enforced by technical controls.


C.

Organizational standards are required to be formally accepted.


D.

Organizational standards are documented in operational procedures.


Expert Solution
Questions # 85:

Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?

Options:

A.

Restore affected systems for normal operations.


B.

Mitigate exploited vulnerabilities to stop future incidents.


C.

Estimate the amount of damage caused by the incident.


D.

Isolate affected systems to prevent further damage


Expert Solution
Questions # 86:

A global organization is considering its geopolitical security risks. Which of the following is the information security manager ' s BEST approach?

Options:

A.

Seek advice from environmental and physical security experts


B.

Implement a third-party risk management framework


C.

Implement controls that deny access from specific jurisdictions


D.

Seek advice from enterprise risk and legal experts


Expert Solution
Questions # 87:

Which of the following BEST facilitates the development of a comprehensive information security policy?

Options:

A.

Alignment with an established information security framework


B.

An established internal audit program


C.

Security key performance indicators (KPIs)


D.

Areview of recent information security incidents


Expert Solution
Questions # 88:

Which of the following is the MOST important security consideration when developing an incident response strategy with a cloud provider?

Options:

A.

Escalation processes


B.

Technological capabilities


C.

Recovery time objective (RTO)


D.

Security audit reports


Expert Solution
Questions # 89:

An organization ' s disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?

Options:

A.

Store disaster recovery documentation in a public cloud.


B.

Maintain an outsourced contact center in another country.


C.

Require disaster recovery documentation be stored with all key decision makers.


D.

Provide annual disaster recovery training to appropriate staff.


Expert Solution
Questions # 90:

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options:

A.

cannot encrypt attachments


B.

cannot interoperate across product domains.


C.

has an insufficient key length.


D.

has no key-recovery mechanism.


Expert Solution
Questions # 91:

Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?

Options:

A.

Integrity


B.

Authenticity


C.

Confidentiality


D.

Nonrepudiation


Expert Solution
Questions # 92:

Which of the following is PRIMARILY determined by asset classification?

Options:

A.

Insurance coverage required for assets


B.

Level of protection required for assets


C.

Priority for asset replacement


D.

Replacement cost of assets


Expert Solution
Questions # 93:

Which of the following is the MOST important factor in successfully implementing Zero Trust?

Options:

A.

Preferring networks that have undergone penetration testing


B.

Focusing on logging and monitoring of user behavior


C.

Authenticating and authorizing strategic points of the architecture


D.

Understanding each component of the network


Expert Solution
Questions # 94:

In which cloud model does the cloud service buyer assume the MOST security responsibility?

Options:

A.

Disaster Recovery as a Service (DRaaS)


B.

Infrastructure as a Service (laaS)


C.

Platform as a Service (PaaS)


D.

Software as a Service (SaaS)


Expert Solution
Questions # 95:

Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?

Options:

A.

Focus on addressing conflicts between security and performance.


B.

Collaborate with business and IT functions in determining controls.


C.

Include information security requirements in the change control process.


D.

Obtain assistance from IT to implement automated security cantrals.


Expert Solution
Questions # 96:

Following an employee security awareness training program, what should be the expected outcome?

Options:

A.

A decrease in the number of viruses detected in incoming emails


B.

A decrease in reported social engineering attacks


C.

An increase in reported social engineering attempts


D.

An increase in user-reported false positive incidents


Expert Solution
Questions # 97:

Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?

Options:

A.

Data protection regulations


B.

Data storage limitations


C.

Business requirements


D.

Type and nature of data


Expert Solution
Questions # 98:

Which of the following is MOST important when designing security controls for new cloud-based services?

Options:

A.

Evaluating different types of deployment models according to the associated risks


B.

Understanding the business and IT strategy for moving resources to the cloud


C.

Defining an incident response policy to protect data moving between onsite and cloud applications


D.

Performing a business impact analysis (BIA) to gather information needed to develop recovery strategies


Expert Solution
Questions # 99:

Which of the following should be the PRIMARY goal of information security?

Options:

A.

Information management


B.

Regulatory compliance


C.

Data governance


D.

Business alignment


Expert Solution
Questions # 100:

Which of the following is an information security manager ' s MOST important course of action after receiving information about a new cybersecurity threat?

Options:

A.

Assess the impact of the new threat on the organization in the event of materialization.


B.

Update correlation rules for log monitoring to detect the possible emerging threat.


C.

Report the threat to senior management immediately to enable an informed decision.


D.

Review the enterprise architecture (EA) for vulnerabilities exploited by the threat.


Expert Solution
Viewing page 5 out of 17 pages
Viewing questions 81-100 out of questions