
Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 46

Which of the following should be the MOST important consideration of business continuity management?

Options:
A. Ensuring human safety
B. Identifying critical business processes
C. Ensuring the reliability of backup data
D. Securing critical information assets

Questions 47

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Options:
A. Prevent the user from using personal mobile devices.
B. Report the incident to the police.
C. Wipe the device remotely.
D. Remove the user's access to corporate data.

Questions 48

Which of the following is the BEST reason for an organization to use Disaster Recovery as a Service (DRaaS)?

Options:
A. It transfers the risk associated with recovery to a third party.
B. It lowers the annual cost to the business.
C. It eliminates the need to maintain offsite facilities.
D. It eliminates the need for the business to perform testing.

Questions 49

A data-hosting organization's data center houses servers, appli

BEST approach for developing a physical access control policy for the organization?

Options:
A. Review customers' security policies.
B. Conduct a risk assessment to determine security risks and mitigating controls.
C. Develop access control requirements for each system and application.
D. Design single sign-on (SSO) or federated access.

Questions 50

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

Options:
A. Employee training on ransomware
B. A properly tested offline backup system
C. A continual server replication process
D. A properly configured firewall

Questions 51

A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?

Options:
A. Conduct a penetration test of the vendor.
B. Review the vendor's technical security controls.
C. Review the vendor contract.
D. Disconnect the real-time access.

Questions 52

When collecting admissible evidence, which of the following is the MOST important requirement?

Options:
A. Need to know
B. Preserving audit logs
C. Due diligence
D. Chain of custody

Questions 53

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Options:
A. Multi-factor authentication
B. Digital encryption
C. Data masking
D. Digital signatures

Questions 54

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Options:
A. Purchase cyber insurance
B. Encrypt sensitive production data
C. Perform integrity checks on backups
D. Maintain multiple offline backups
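Questions 50 and 54 both turn on the same capability: a backup that is kept out of reach of the attacker and is known to be clean before it is restored. As an added example (this is not code from the page or from ISACA), the following Python records a SHA-256 manifest of a backup set at backup time and verifies the set again before a restore, reporting files that were modified, missing or added, and using a byte-entropy check to tell an encrypted overwrite from an ordinary change. The directory layout, file names and the stand-in "ciphertext" are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from math import log2


def sha256_file(path):
    """Stream a file through SHA-256 so large backup images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Map every file in the backup set (relative path, '/' separators) to its SHA-256.

    Taken at backup time and stored with the offline copy, separately from the live
    system, so that whatever encrypts production cannot also rewrite the manifest.
    """
    manifest = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 to 8.0. Ciphertext and compressed data sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * log2(c / total) for c in counts if c)


def verify_backup(backup_dir, manifest, entropy_limit=7.5):
    """Compare the backup set on disk with its manifest.

    Returns {relative_path: problem}; an empty dict means the set is exactly what
    was recorded. A changed file whose contents now look like random bytes is
    labelled separately, because that is what a ransomware overwrite looks like.
    """
    problems = {}
    present = build_manifest(backup_dir)
    for rel, expected in manifest.items():
        if rel not in present:
            problems[rel] = "missing"
        elif present[rel] != expected:
            with open(os.path.join(backup_dir, rel), "rb") as fh:
                entropy = shannon_entropy(fh.read())
            problems[rel] = "modified, looks encrypted" if entropy > entropy_limit else "modified"
    for rel in present:
        if rel not in manifest:
            problems[rel] = "unexpected"
    return problems


def demo():
    """Constructed backup set: record a manifest, then simulate a ransomware run
    against the copy and verify again. Returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as backup_dir:
        os.makedirs(os.path.join(backup_dir, "db"))
        with open(os.path.join(backup_dir, "db", "patients.sql"), "w") as fh:
            fh.write("CREATE TABLE patients (id INT, name TEXT);\n" * 200)
        with open(os.path.join(backup_dir, "config.ini"), "w") as fh:
            fh.write("[server]\nlisten=0.0.0.0:5432\n")
        manifest = build_manifest(backup_dir)
        clean = verify_backup(backup_dir, manifest)

        # Simulated attack on the copy: one file overwritten with ciphertext-like bytes
        # (a deterministic stand-in for real ciphertext) and a ransom note dropped.
        with open(os.path.join(backup_dir, "db", "patients.sql"), "wb") as fh:
            fh.write(bytes(range(256)) * 32)
        with open(os.path.join(backup_dir, "README_DECRYPT.txt"), "w") as fh:
            fh.write("Your files have been encrypted.\n")
        tampered = verify_backup(backup_dir, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean set:", before)
    print("after tampering:", after)
```

Two caveats a practitioner should keep in mind. The manifest is only as trustworthy as where it is stored: if it lives next to the backup on a reachable share, an attacker who encrypts the backup can regenerate it, which is why the offline copy in option D and the integrity check in option C belong together. And the 7.5-bit entropy limit is a heuristic: compressed archives and media files are legitimately near 8 bits per byte, so "looks encrypted" is a reason to investigate, not proof. Neither check replaces an actual restore test, which is what option B in Question 50 asks for.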

Questions 55

Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?

Options:
A. Presenting evidence of inherent risk
B. Reporting the security maturity level
C. Presenting compliance requirements
D. Communicating the residual risk

Questions 56

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

Options:
A. Impact on information security program
B. Cost of controls
C. Impact to business function
D. Cost to replace

Questions 57

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Options:
A. Determine operational losses.
B. Improve the change control process.
C. Update the threat landscape.
D. Review the effectiveness of controls.

Questions 58

What is the PRIMARY benefit to an organization when information security program requirements are aligned with employment and staffing processes?

Options:
A. Security incident reporting procedures are followed.
B. Security staff turnover is reduced.
C. Information assets are classified appropriately.
D. Access is granted based on task requirements.

Questions 59

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

Options:
A. normal network behavior and using it as a baseline for measuring abnormal activity
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections
C. abnormal network behavior and using it as a baseline for measuring normal activity
D. attack pattern signatures from historical data
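Option A describes the mechanism: learn what normal looks like first, then measure how far new activity deviates from it. As an added example (not code from the page or from ISACA), here is a minimal anomaly-based detector in Python. It builds a per-source baseline from constructed connection-log lines (mean and standard deviation of connections per minute and of distinct targets per minute), then z-scores a new window against that baseline. The log format, the addresses, the two features and the thresholds are all assumptions made for the demonstration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log lines, one connection per line: "<minute> <src_ip> <dst_ip> <dst_port>".
# Baseline period: ten minutes of ordinary traffic from two workstations (assumed data).
BASELINE_LINES = []
for _m in range(1, 11):
    # 10.0.0.5 makes four or five connections a minute to the web tier
    _n = 4 if _m % 2 else 5
    BASELINE_LINES += [f"{_m} 10.0.0.5 10.0.1.10 443"] * (_n - 1)
    BASELINE_LINES += [f"{_m} 10.0.0.5 10.0.1.11 80"]
    # 10.0.0.7 makes two connections a minute to a file server
    BASELINE_LINES += [f"{_m} 10.0.0.7 10.0.1.20 445"] * 2

# Observation window (minute 11): 10.0.0.5 suddenly touches three ports on ten hosts
# (scan-like behaviour); 10.0.0.7 behaves exactly as before.
OBSERVED_LINES = [f"11 10.0.0.5 10.0.1.{h} {p}" for h in range(10, 20) for p in (22, 23, 3389)]
OBSERVED_LINES += ["11 10.0.0.7 10.0.1.20 445"] * 2


def parse(lines):
    """Group connections as {minute: {src_ip: [(dst_ip, dst_port), ...]}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for line in lines:
        minute, src, dst, port = line.split()
        grouped[int(minute)][src].append((dst, int(port)))
    return grouped


def features(conns):
    """The two per-minute measurements the detector baselines."""
    return {"connections": len(conns), "distinct_targets": len(set(conns))}


def build_baseline(lines, stdev_floor=1.0):
    """Per-source mean and standard deviation of each feature over the baseline period.

    A minute in which a source is silent counts as zero, so a normally quiet host
    gets a low mean rather than no baseline at all. The floor keeps a perfectly
    regular host (stdev 0) from producing a division by zero or an infinite z-score.
    """
    by_minute = parse(lines)
    minutes = sorted(by_minute)
    sources = {src for per_src in by_minute.values() for src in per_src}
    baseline = {}
    for src in sources:
        samples = defaultdict(list)
        for minute in minutes:
            for name, value in features(by_minute[minute].get(src, [])).items():
                samples[name].append(value)
        baseline[src] = {name: (mean(v), max(pstdev(v), stdev_floor)) for name, v in samples.items()}
    return baseline


def score_window(lines, baseline, z_threshold=3.0):
    """Z-score each source's features against its baseline; return alerts keyed by (minute, src)."""
    alerts = {}
    for minute, per_src in parse(lines).items():
        for src, conns in per_src.items():
            stats = baseline.get(src)
            if stats is None:
                # Never seen during baselining: there is no "normal" to compare against.
                alerts[(minute, src)] = {"reason": "unknown source"}
                continue
            observed = features(conns)
            z = {name: (observed[name] - stats[name][0]) / stats[name][1] for name in observed}
            if any(value >= z_threshold for value in z.values()):
                alerts[(minute, src)] = {"reason": "deviation", "z": z, "observed": observed}
    return alerts


if __name__ == "__main__":
    learned = build_baseline(BASELINE_LINES)
    for key, alert in sorted(score_window(OBSERVED_LINES, learned).items()):
        print(key, alert)
```

Nothing in this code knows what a port scan looks like, which is the contrast with option D: it fires on minute 11 only because 30 connections to 30 distinct targets is far outside what 10.0.0.5 did during the baseline. The flip side is the usual weakness of the approach: the baseline must be collected over a period believed to be clean, since an attacker who is already active while the baseline is learned becomes part of "normal", and thresholds have to be tuned per environment to keep the false-positive rate workable.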

Questions 60

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Options:
A. Include security requirements in the contract.
B. Assess security controls.
C. Perform a risk assessment.
D. Review data architecture.
