Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 7 out of 17 pages
Viewing questions 121-140 out of questions
Questions # 121:

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

Options:

A.

Business process owner


B.

Business continuity coordinator


C.

Senior management


D.

Information security manager


Expert Solution
Questions # 122:

Which of the following should an information security manager do FIRST after a new cybersecunty regulation has been introduced?

Options:

A.

Conduct a cost-benefit analysis.


B.

Consult corporate legal counsel


C.

Update the information security policy.


D.

Perform a gap analysis.


Expert Solution
Questions # 123:

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

Options:

A.

A validation of the current firewall rule set


B.

A port scan of the firewall from an internal source


C.

A ping test from an external source


D.

A simulated denial of service (DoS) attack against the firewall


Expert Solution
Questions # 124:

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

Options:

A.

Intrusion detection


B.

Log monitoring


C.

Patch management


D.

Antivirus software


Expert Solution
Questions # 125:

Which of the following is MOST important to the effectiveness of an information security program?

Options:

A.

Security metrics


B.

Organizational culture


C.

IT governance


D.

Risk management


Expert Solution
Questions # 126:

After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?

Options:

A.

EradicationB Recovery


B.

Lessons learned review


C.

Incident declaration


Expert Solution
Questions # 127:

An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?

Options:

A.

Data masking


B.

Data retention strategy


C.

Data encryption standards


D.

Data loss prevention (DLP)


Expert Solution
Questions # 128:

Which risk is introduced when using only sanitized data for the testing of applications?

Options:

A.

Data loss may occur during the testing phase.


B.

Data disclosure may occur during the migration event


C.

Unexpected outcomes may arise in production


D.

Breaches of compliance obligations will occur.


Expert Solution
Questions # 129:

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

Options:

A.

Frequent updates to the risk register


B.

Regularly scheduled security audits


C.

Frequent security architecture reviews


D.

Regularly scheduled risk assessments


Expert Solution
Questions # 130:

A penetration test against an organization ' s external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?

Options:

A.

A rules of engagement form was not signed prior to the penetration test


B.

Vulnerabilities were not found by internal tests


C.

Vulnerabilities were caused by insufficient user acceptance testing (UAT)


D.

Exploit code for one of the vulnerabilities is publicly available


Expert Solution
Questions # 131:

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

Options:

A.

Training project managers on risk assessment


B.

Having the information security manager participate on the project steering committees


C.

Applying global security standards to the IT projects


D.

Integrating the risk assessment into the internal audit program


Expert Solution
Questions # 132:

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager ' s FIRST course of action?

Options:

A.

Identify the skill set of the provider ' s incident response team.


B.

Evaluate the provider ' s audit logging and monitoring controls.


C.

Review the provider’s incident definitions and notification criteria.


D.

Update the incident escalation process.


Expert Solution
Questions # 133:

The MOST important reason for an organization to establish a social media policy is to:

Options:

A.

Protect the company brand


B.

Increase employee productivity


C.

Monitor employee activity on the internet


D.

Prevent the spread of malware


Expert Solution
Questions # 134:

An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?

Options:

A.

Initiate incident response.


B.

Disable remote


C.

Initiate a device reset.


D.

Conduct a risk assessment.


Expert Solution
Questions # 135:

An organization ' s main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

Options:

A.

The information security manager


B.

The data owner


C.

The application owner


D.

The security engineer


Expert Solution
Questions # 136:

Of the following, who is BEST positioned to approve specific information security risk treatment options?

Options:

A.

Risk owner


B.

Information security manager


C.

Head of risk management


D.

Senior management


Expert Solution
Questions # 137:

A forensic examination of a PC is required, but the PC has been switched off. Which of the following should be done FIRST?

Options:

A.

Perform a backup of the hard drive using backup utilities.


B.

Perform a bit-by-bit backup of the hard disk using a write-blocking device


C.

Perform a backup of the computer using the network


D.

Reboot the system using third-party forensic software in the CD-ROM drive


Expert Solution
Questions # 138:

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options:

A.

The total cost of the investment


B.

The cost and associated risk reduction


C.

The number and severity of ransomware incidents


D.

Benchmarks of industry peers impacted by ransomware


Expert Solution
Questions # 139:

When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?

Options:

A.

Gap analysis


B.

Project plans


C.

Vulnerability assessment


D.

Business impact analysis (BIA)


Expert Solution
Questions # 140:

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

Options:

A.

Determine security controls for the new service.


B.

Establish a compliance program,


C.

Perform a gap analysis against the current state


D.

Hire new resources to support the service.


Expert Solution
Viewing page 7 out of 17 pages
Viewing questions 121-140 out of questions