Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the Isaca Isaca Certification CISM Questions and answers with CertsForce

Viewing page 9 out of 17 pages
Viewing questions 161-180 out of questions
Questions # 161:

Which of the following is a PRIMARY responsibility of the information security goxernance function?

Options:

A.

Administering information security awareness training


B.

Defining security strategies to support organizational programs


C.

Ensuring adequate support for solutions using emerging technologies


D.

Advising senior management on optimal levels of risk appetite and tolerance


Expert Solution
Questions # 162:

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:

A.

Prevent the user from using personal mobile devices.


B.

Report the incident to the police.


C.

Wipe the device remotely.


D.

Remove user ' s access to corporate data.


Expert Solution
Questions # 163:

What should be an information security manager ' s FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

Options:

A.

Define the issues to be addressed.


B.

Perform a cost-benefit analysis.


C.

Calculate the total cost of ownership (TCO).


D.

Conduct a feasibility study.


Expert Solution
Questions # 164:

Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

Options:

A.

To enforce security policy requirements


B.

To maintain business asset inventories


C.

To ensure audit and compliance requirements are met


D.

To ensure the availability of business operations


Expert Solution
Questions # 165:

Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?

Options:

A.

Conducting periodic vulnerability assessments


B.

Communicating business impact analysis (BIA) results


C.

Establishing effective stakeholder relationships


D.

Defining the organization ' s risk management framework


Expert Solution
Questions # 166:

Which of the following BEST illustrates residual risk within an organization?

Options:

A.

Heat map


B.

Risk management framework


C.

Business impact analysis (BIA)


D.

Balanced scorecard


Expert Solution
Questions # 167:

From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often

Options:

A.

website transactions and taxation.


B.

software patches and corporate date.


C.

encryption tools and personal data.


D.

lack of competition and free trade.


Expert Solution
Questions # 168:

Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?

Options:

A.

It identifies appropriate follow-up work to address shortcomings in the plan.


B.

It allows for greater participation and planning from the business side.


C.

It helps in assessing the availability of compatible backup hardware.


D.

It provides a low-cost method of assessing the BCP ' s completeness.


Expert Solution
Questions # 169:

Information security controls should be designed PRIMARILY based on:

Options:

A.

a business impact analysis (BIA).


B.

regulatory requirements.


C.

business risk scenarios,


D.

a vulnerability assessment.


Expert Solution
Questions # 170:

Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?

Options:

A.

Place the web server in quarantine.


B.

Rebuild the server from the last verified backup.


C.

Shut down the server in an organized manner.


D.

Rebuild the server with relevant patches from the original media.


Expert Solution
Questions # 171:

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Options:

A.

Root cause analysis


B.

Post-incident review


C.

Chain of custody


D.

Incident logging


Expert Solution
Questions # 172:

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Perform a gap analysis based on the current state


B.

Create a roadmap to identify security baselines and controls.


C.

Identify key stakeholders to champion information security.


D.

Determine acceptable levels of information security risk.


Expert Solution
Questions # 173:

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

Options:

A.

Management support and approval has been obtained.


B.

The incident response team has the appropriate training.


C.

An incident response maturity assessment has been conducted.


D.

A reputable managed security services provider has been engaged.


Expert Solution
Questions # 174:

Which of the following should be the FIRST step in developing an information security strategy?

Options:

A.

Determine acceptable levels of information security risk


B.

Create a roadmap to identify security baselines and controls


C.

Perform a gap analysis based on the current state


D.

Identify key stakeholders to champion information security


Expert Solution
Questions # 175:

Which of the following should be done FIRST to prioritize response to incidents?

Options:

A.

Containment


B.

Escalation


C.

Analysis


D.

Triage


Expert Solution
Questions # 176:

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:

A.

enhance the organization ' s antivirus controls.


B.

eliminate the risk of data loss.


C.

complement the organization ' s detective controls.


D.

reduce the need for a security awareness program.


Expert Solution
Questions # 177:

An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?

Options:

A.

Assemble the incident response team to evaluate the incidents


B.

Initiate the crisis communication plan to notify stakeholders of the incidents


C.

Engage external incident response consultants to conduct an independent investigation


D.

Prioritize the incidents based on data classification standards


Expert Solution
Questions # 178:

Which of the following would be MOST helpful when creating information security policies?

Options:

A.

The information security framework


B.

Business impact analysis (BIA)


C.

Information security metrics


D.

Risk assessment results


Expert Solution
Questions # 179:

Which of the following BEST indicates the effectiveness of the vendor risk management process?

Options:

A.

Increase in the percentage of vendors certified to a globally recognized security standard


B.

Increase in the percentage of vendors with a completed due diligence review


C.

Increase in the percentage of vendors conducting mandatory security training


D.

Increase in the percentage of vendors that have reported security breaches


Expert Solution
Questions # 180:

A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?

Options:

A.

Implement compensating controls.


B.

Analyze the identified risk.


C.

Prepare a risk mitigation plan.


D.

Add the risk to the risk register.


Expert Solution
Viewing page 9 out of 17 pages
Viewing questions 161-180 out of questions