Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 61

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:

A.

Discretionary access control

B.

Role-based access control

C.

Access control lists

D.

Distributed access control

Buy Now
Questions 62

Which of the following is MOST critical when creating an incident response plan?

Options:

A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Decumenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Buy Now
Questions 63

Which of the following is a desired outcome of information security governance?

Options:

A.

Penetration test

B.

Improved risk management

C.

Business agility

D.

A maturity model

Buy Now
Questions 64

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

Options:

A.

Integrate information security risk assessments into the procurement process.

B.

Provide regular information security training to the procurement team.

C.

Invite IT members into regular procurement team meetings to influence best practice.

D.

Enforce the right to audit in procurement contracts with SaaS vendors.

Buy Now
Questions 65

An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy, A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:

Options:

A.

the chief risk officer (CRO).

B.

business senior management.

C.

the information security manager.

D.

the compliance officer.

Buy Now
Questions 66

Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?

Options:

A.

Capability maturity model

B.

Vulnerability assessment

C.

IT security risk and exposure

D.

Business impact analysis (BIA)

Buy Now
Questions 67

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:

A.

Conduct an impact assessment.

B.

Isolate the affected systems.

C.

Rebuild the affected systems.

D.

Initiate incident response.

Buy Now
Questions 68

Which of the following BEST ensures timely and reliable access to services?

Options:

A.

Nonrepudiation

B.

Authenticity

C.

Availability

D.

Recovery time objective (RTO)

Buy Now
Questions 69

Which of the following is the responsibility of a risk owner?

Options:

A.

Performing risk assessments to direct risk response

B.

Determining the organization's risk appetite

C.

Ensuring control effectiveness is monitored

D.

Implementing controls to mitigate the risk

Buy Now
Questions 70

When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?

Options:

A.

The information security strategy

B.

Losses due to security incidents

C.

The results of a risk assessment

D.

Security investment trends in the industry

Buy Now
Questions 71

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

Options:

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Buy Now
Questions 72

Which of the following should be the PRIMARY basis for an information security strategy?

Options:

A.

The organization's vision and mission

B.

Results of a comprehensive gap analysis

C.

Information security policies

D.

Audit and regulatory requirements

Buy Now
Questions 73

Which of the following BEST demonstrates the added value of an information security program?

Options:

A.

Security baselines

B.

A gap analysis

C.

A SWOT analysis

D.

A balanced scorecard

Buy Now
Questions 74

What is the PRIMARY benefit to an organization that maintains an information security governance framework?

Options:

A.

Resources are prioritized to maximize return on investment (ROI)

B.

Information security guidelines are communicated across the enterprise_

C.

The organization remains compliant with regulatory requirements.

D.

Business risks are managed to an acceptable level.

Buy Now
Questions 75

Which of the following has the GREATEST influence on an organization's information security strategy?

Options:

A.

The organization's risk tolerance

B.

The organizational structure

C.

Industry security standards

D.

Information security awareness

Buy Now