Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 6 out of 17 pages
Viewing questions 101-120 out of questions
Questions # 101:

Which of the following should be an information security manager ' s PRIMARY concern when an organization is expanding business to a new country?

Options:

A.

Compliance with local regulations


B.

Changes in IT infrastructure


C.

Cultural differences in the new country


D.

Ability to gather customer data


Expert Solution
Questions # 102:

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:

A.

Data is encrypted in transit and at rest at the vendor site.


B.

Data is subject to regular access log review.


C.

The vendor must be able to amend data.


D.

The vendor must agree to the organization ' s information security policy,


Expert Solution
Questions # 103:

An organization ' s quality process can BEST support security management by providing:

Options:

A.

security configuration controls.


B.

assurance that security requirements are met.


C.

guidance for security strategy.


D.

a repository for security systems documentation.


Expert Solution
Questions # 104:

Which is MOST important to identify when developing an effective information security strategy?

Options:

A.

Security awareness training needs


B.

Potential savings resulting from security governance


C.

Business assets to be secured


D.

Residual risk levels


Expert Solution
Questions # 105:

Which of the following would BEST enable senior management to integrate security into all organizational processes following an increase in cyberattacks on business applications?

Options:

A.

Updating process diagrams to align with organizational strategy


B.

Requiring developers to attend customized training on secure application development


C.

Providing security training to key stakeholders within each business area


D.

Establishing security policies that align with business objectives


Expert Solution
Questions # 106:

Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?

Options:

A.

Establishing risk metrics


B.

Training on risk management procedures


C.

Reporting on documented deficiencies


D.

Assigning a risk owner


Expert Solution
Questions # 107:

The MOST appropriate time to conduct a disaster recovery test would be after:

Options:

A.

major business processes have been redesigned.


B.

the business continuity plan (BCP) has been updated.


C.

the security risk profile has been reviewed


D.

noncompliance incidents have been filed.


Expert Solution
Questions # 108:

Which of the following would be MOST important to include in communications to customers impacted by an information security incident?

Options:

A.

Details of the type of data exposed


B.

Identities of the attackers


C.

Costs of the incident to the organization


D.

Technical information related to the incident


Expert Solution
Questions # 109:

Which of the following should be the PRIMARY focus of an organization with immature incident detection capabilities?

Options:

A.

Performing penetration testing


B.

Improving user awareness


C.

Installing new firewalls


D.

Updating security policies


Expert Solution
Questions # 110:

The PRIMARY goal of the eradication phase in an incident response process is to:

Options:

A.

maintain a strict chain of custody.


B.

provide effective triage and containment of the incident.


C.

remove the threat and restore affected systems


D.

obtain forensic evidence from the affected system.


Expert Solution
Questions # 111:

Application data integrity risk is MOST directly addressed by a design that includes:

Options:

A.

reconciliation routines such as checksums, hash totals, and record counts.


B.

strict application of an authorized data dictionary.


C.

application log requirements such as field-level audit trails and user activity logs.


D.

access control technologies such as role-based entitlements.


Expert Solution
Questions # 112:

Which of the following risks is an example of risk transfer?

Options:

A.

Utilizing third-party applications


B.

Moving risk ownership to another department


C.

Conducting off-site backups


D.

Purchasing cybersecurity insurance


Expert Solution
Questions # 113:

At what point should risk ownership be assigned?

Options:

A.

When the risk treatment plan is executed


B.

When asset ownership is assigned


C.

When the risk is identified


D.

When the related vulnerability is identified


Expert Solution
Questions # 114:

Which of the following should be the PRIMARY objective of the information security incident response process?

Options:

A.

Conducting incident triage


B.

Communicating with internal and external parties


C.

Minimizing negative impact to critical operations


D.

Classifying incidents


Expert Solution
Questions # 115:

Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?

Options:

A.

Evaluate the results of business continuity testing.


B.

Review key performance indicators (KPIs).


C.

Evaluate the business impact of incidents.


D.

Engage business process owners.


Expert Solution
Questions # 116:

When defining a security baseline, it is MOST important that the baseline:

Options:

A.

can vary depending on the security classification of systems.


B.

is uniform for all assets of the same type.


C.

is developed based on stakeholder consensus.


D.

aligns to key risk indicators (KRIs).


Expert Solution
Questions # 117:

Senior management has expressed concern that the organization ' s intrusion prevention system (IPS) may repeatedly disrupt business operations Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

Options:

A.

Increasing false negatives


B.

Decreasing false negatives


C.

Decreasing false positives


D.

Increasing false positives


Expert Solution
Questions # 118:

Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

Options:

A.

Allow temporary use of the site and monitor for data leakage


B.

Report the activity to senior management


C.

Conduct a risk assessment and develop an impact analysis


D.

Update the risk register and review the information security strategy


Expert Solution
Questions # 119:

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Options:

A.

The solution contributes to business strategy.


B.

The solution improves business risk tolerance levels.


C.

The solution improves business resiliency.


D.

The solution reduces the cost of noncompliance with regulations.


Expert Solution
Questions # 120:

Which of the following is the PRIMARY benefit of an information security awareness training program?

Options:

A.

Influencing human behavior


B.

Evaluating organizational security culture


C.

Defining risk accountability


D.

Enforcing security policy


Expert Solution
Viewing page 6 out of 17 pages
Viewing questions 101-120 out of questions