Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 151

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

Options:

A.

consistent security.

B.

comprehensive audits

C.

a security-aware culture

D.

compliance with policy

Buy Now
Questions 152

Which of the following is the MOST important issue in a penetration test?

Options:

A.

Having an independent group perform the test

B.

Obtaining permission from audit

C.

Performing the test without the benefit of any insider knowledge

D.

Having a defined goal as well as success and failure criteria

Buy Now
Questions 153

Which of the following is the BEST control to protect customer personal information that is stored in the cloud?

Options:

A.

Timely deletion of digital records

B.

Appropriate data anonymization

C.

Strong encryption methods

D.

Strong physical access controls

Buy Now
Questions 154

Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?

Options:

A.

Increase in false positives

B.

Increase in false negatives

C.

Decrease in false negatives

D.

Decrease in false positives

Buy Now
Questions 155

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

Options:

A.

analysis of current threat landscape.

B.

historical data of reported incidents.

C.

projected return on investment (ROI).

D.

industry benchmarking gap analysis.

Buy Now
Questions 156

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Options:

A.

The third party does not have an independent assessment of controls available for review.

B.

The third party has not provided evidence of compliance with local regulations where data is generated.

C.

The third-party contract does not include an indemnity clause for compensation in the event of a breach.

D.

The third party's service level agreement (SLA) does not include guarantees of uptime.

Buy Now
Questions 157

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Options:

A.

Employees use smartphone tethering when accessing from remote locations.

B.

Employees physically lock PCs when leaving the immediate area.

C.

Employees are trained on the acceptable use policy.

D.

Employees use the VPN when accessing the organization's online resources.

Buy Now
Questions 158

A new application has entered the production environment with deficient technical security controls. Which of the following is MOST Likely the root cause?

Options:

A.

Inadequate incident response controls

B.

Lack of legal review

C.

Inadequate change control

D.

Lack of quality control

Buy Now
Questions 159

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Options:

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Buy Now
Questions 160

Which of the following is the MOST effective way to detect security incidents?

Options:

A.

Analyze recent security risk assessments.

B.

Analyze security anomalies.

C.

Analyze penetration test results.

D.

Analyze vulnerability assessments.

Buy Now
Questions 161

A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

Options:

A.

Provide end-user training.

B.

Escalate to senior management.

C.

Continue to enforce the policy.

D.

Conduct a business impact analysis (BIA).

Buy Now
Questions 162

Which of the following is the BEST way to enhance training for incident response teams?

Options:

A.

Perform post-incident reviews.

B.

Establish incident key performance indicators (KPIs).

C.

Conduct interviews with organizational units.

D.

Participate in emergency response activities.

Buy Now
Questions 163

An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

Options:

A.

Information security threat profile

B.

Information security policy

C.

Information security objectives

D.

Information security strategy

Buy Now
Questions 164

Which of the following provides the BEST evidence that a recently established infofmation security program is effective?

Options:

A.

The number of reported incidents has increased

B.

Regular IT balanced scorecards are communicated.

C.

Senior management has reported fewer junk emails.

D.

The number of tickets associated with IT incidents have stayed consistent

Buy Now
Questions 165

Which of the following is ESSENTIAL to ensuring effective incident response?

Options:

A.

Business continuity plan (BCP)

B.

Cost-benefit analysis

C.

Classification scheme

D.

Senior management support

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 14, 2024
Questions: 793

PDF + Testing Engine

$249
$99.6

Testing Engine

$225
$90

PDF (Q&A)

$199
$79.6