
Top Tips for Passing the Isaca CISM Exam on Your First Try

Question 136

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Options:
A. Assigning restoration priority during incidents
B. Determining total cost of ownership (TCO)
C. Evaluating vendors critical to business recovery
D. Calculating residual risk after the incident recovery phase

Question 137

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

Options:
A. Number of blocked intrusion attempts
B. Number of business cases reviewed by senior management
C. Trends in the number of identified threats to the business
D. Percentage of controls integrated into business processes

Question 138

A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

Options:
A. Recommend canceling the outsourcing contract.
B. Request an independent review of the provider's data center.
C. Notify affected customers of the data breach.
D. Determine the extent of the impact to the organization.

Question 139

An online bank identifies a successful network attack in progress. The bank should FIRST:

Options:
A. isolate the affected network segment.
B. report the root cause to the board of directors.
C. assess whether personally identifiable information (PII) is compromised.
D. shut down the entire network.

Question 140

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

Options:
A. Definition of when a disaster should be declared
B. Requirements for regularly testing backups
C. Recovery time objectives (RTOs)
D. The disaster recovery communication plan

Question 141

Network isolation techniques are immediately implemented after a security breach to:

Options:
A. preserve evidence as required for forensics.
B. reduce the extent of further damage.
C. allow time for key stakeholder decision making.
D. enforce zero trust architecture principles.

Question 142

Which is the BEST method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Options:
A. Parallel test
B. Full interruption test
C. Simulation test
D. Tabletop test

Question 143

Which of the following BEST indicates that information assets are classified accurately?

Options:
A. Appropriate prioritization of information risk treatment
B. Increased compliance with information security policy
C. Appropriate assignment of information asset owners
D. An accurate and complete information asset catalog

Question 144

An organization needs to comply with new security incident response requirements. Which of the following should the information security manager do FIRST?

Options:
A. Create a business case for a new incident response plan.
B. Revise the existing incident response plan.
C. Conduct a gap analysis.
D. Assess the impact on the budget.

Question 145

Which of the following should be the MOST important consideration when establishing information security policies for an organization?

Options:
A. Job descriptions include requirements to read security policies.
B. The policies are updated annually.
C. Senior management supports the policies.
D. The policies are aligned to industry best practices.

Question 146

Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

Options:
A. Capability maturity model
B. Vulnerability assessment
C. IT security risk and exposure
D. Business impact analysis (BIA)

Question 147

Which of the following will result in the MOST accurate controls assessment?

Options:
A. Mature change management processes
B. Senior management support
C. Well-defined security policies
D. Unannounced testing

Question 148

An organization finds it necessary to quickly shift to a work-from-home model with an increased need for remote access security. Which of the following should be given immediate focus?

Options:
A. Moving to a zero trust access model
B. Enabling network-level authentication
C. Enhancing cyber response capability
D. Strengthening endpoint security

Question 149

Which of the following would be MOST useful to a newly hired information security manager who has been tasked with developing and implementing an information security strategy?

Options:
A. The capabilities and expertise of the information security team
B. The organization's mission statement and roadmap
C. A prior successful information security strategy
D. The organization's information technology (IT) strategy

Question 150

Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?

Options:
A. Perform a risk assessment.
B. Reduce security hardening settings.
C. Inform business management of the risk.
D. Document a security exception.
