Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 196

Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?

Options:

A.

Indemnification clause

B.

Breach detection and notification

C.

Compliance status reporting

D.

Physical access to service provider premises

Buy Now
Questions 197

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

A.

Update the risk register.

B.

Consult with the business owner.

C.

Restrict application network access temporarily.

D.

Include security requirements in the contract.

Buy Now
Questions 198

Which of the following is the BEST course of action when confidential information is inadvertently disseminated outside the organization?

Options:

A.

Review compliance requirements.

B.

Communicate the exposure.

C.

Declare an incident.

D.

Change the encryption keys.

Buy Now
Questions 199

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Options:

A.

service level agreements (SLAs)

B.

security requirements for the process being outsourced.

C.

risk-reporting methodologies.

D.

security metrics

Buy Now
Questions 200

An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the information security manager?

Options:

A.

Security requirements are included in the vendor contract

B.

External security audit results are reviewed.

C.

Service level agreements (SLAs) meet operational standards.

D.

Business continuity contingency planning is provided

Buy Now
Questions 201

Which of the following is the MOST critical consideration when shifting IT operations to an Infrastructure as a Service (laaS) model hosted in a foreign country?

Options:

A.

Labeling of data may help to ensure data is assigned to the correct cloud type.

B.

Laws and regulations of the origin country may not be applicable.

C.

There may be liabilities and penalties in the event of a security breach.

D.

Data may be stored in unknown locations and may not be easily retrievable.

Buy Now
Questions 202

The PRIMARY goal of a post-incident review should be to:

Options:

A.

establish the cost of the incident to the business.

B.

determine why the incident occurred.

C.

identify policy changes to prevent a recurrence.

D.

determine how to improve the incident handling process.

Buy Now
Questions 203

Which of the following should an information security manager do FIRST after discovering that a business unit has implemented a newly purchased application and bypassed the change management process?

Options:

A.

Revise the procurement process.

B.

Update the change management process.

C.

Discuss the issue with senior leadership.

D.

Remove the application from production.

Buy Now
Questions 204

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Buy Now
Questions 205

The business value of an information asset is derived from:

Options:

A.

the threat profile.

B.

its criticality.

C.

the risk assessment.

D.

its replacement cost.

Buy Now
Questions 206

Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?

Options:

A.

Service level agreement (SLA)

B.

Business continuity plan (BCP)

C.

Disaster recovery plan (DRP)

D.

Business impact analysis (BIA)

Buy Now
Questions 207

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

Options:

A.

Integrate risk management into the vendor management process.

B.

Conduct security reviews on the services and solutions delivered.

C.

Review third-party contracts as part of the vendor management process.

D.

Perform an audit on vendors' security controls and practices.

Buy Now
Questions 208

A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?

Options:

A.

Establishing a strong ongoing risk monitoring process

B.

Presenting the risk profile for approval by the risk owner

C.

Conducting an independent review of risk responses

D.

Updating the information security standards to include the accepted risk

Buy Now
Questions 209

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?

Options:

A.

Implementing automated vulnerability scanning in the help desk workflow

B.

Changing the default setting for all security incidents to the highest priority

C.

Integrating automated service level agreement (SLA) reporting into the help desk ticketing system

D.

Integrating incident response workflow into the help desk ticketing system

Buy Now
Questions 210

Which of the following is MOST important for the effective implementation of an information security governance program?

Options:

A.

Employees receive customized information security training

B.

The program budget is approved and monitored by senior management

C.

The program goals are communicated and understood by the organization.

D.

Information security roles and responsibilities are documented.

Buy Now
Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 12, 2024
Questions: 793

PDF + Testing Engine

$249
$99.6

Testing Engine

$225
$90

PDF (Q&A)

$199
$79.6