
Top Tips for Passing the Isaca CISM Exam on Your First Try

Question 226

Which of the following is MOST effective for communicating forward-looking trends within security reporting?

Options:

A. Key control indicators (KCIs)
B. Key risk indicators (KRIs)
C. Key performance indicators (KPIs)
D. Key goal indicators (KGIs)

Question 227

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Options:

A. Security risk assessment
B. Security operations program
C. Information security policy
D. Business impact analysis (BIA)

Question 228

Reverse lookups can be used to prevent successful:

Options:

A. denial of service (DoS) attacks
B. session hijacking
C. phishing attacks
D. Internet protocol (IP) spoofing

Question 229

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:

A. increasing budget and staffing levels for the incident response team.
B. implementing an intrusion detection system (IDS).
C. revalidating and mitigating risks to an acceptable level.
D. testing the business continuity plan (BCP).

Question 230

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Options:

A. Patch management files
B. Network system logs
C. Configuration management files
D. Intrusion detection system (IDS) logs

Question 231

Which of the following is the MOST important requirement for a successful security program?

Options:

A. Mapping security processes to baseline security standards
B. Penetration testing on key systems
C. Management decision on asset value
D. Nondisclosure agreements (NDA) with employees

Question 232

A Seat a-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

Options:

A. Review customers' security policies.
B. Conduct a risk assessment to determine security risks and mitigating controls.
C. Develop access control requirements for each system and application.
D. Design single sign-on (SSO) or federated access.

Question 233

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:

A. Maintaining a repository base of security policies
B. Measuring impact of exploits on business processes
C. Facilitating the monitoring of risk occurrences
D. Redirecting event logs to an alternate location for the business continuity plan

Question 234

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

Options:

A. External consultant
B. Information owners
C. Information security manager
D. Business continuity coordinator

Question 235

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site. Which of the following issues would be of GREATEST concern to an information security manager?

Options:

A. The application does not use a secure communications protocol
B. The application is configured with restrictive access controls
C. The business process has only one level of error checking
D. Server-based malware protection is not enforced

Question 236

Which of the following has the GREATEST influence on an organization's information security strategy?

Options:

A. The organization's risk tolerance
B. The organizational structure
C. Industry security standards
D. Information security awareness

Question 237

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:

A. Multi-factor authentication
B. Digital encryption
C. Data masking
D. Digital signatures

Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Dec 4, 2024
Questions: 793
