
Top Tips for Passing the Isaca CISM Exam on Your First Try

Question 76

Who is BEST suited to determine how the information in a database should be classified?

Options:
A. Database analyst
B. Database administrator (DBA)
C. Information security analyst
D. Data owner

Question 77

Which of the following is the BEST course of action for an information security manager to align security and business goals?

Options:
A. Conducting a business impact analysis (BIA)
B. Reviewing the business strategy
C. Defining key performance indicators (KPIs)
D. Actively engaging with stakeholders

Question 78

Of the following, who is in the BEST position to evaluate business impacts?

Options:
A. Senior management
B. Information security manager
C. IT manager
D. Process manager

Question 79

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Options:
A. Internal security audit
B. External security audit
C. Organizational risk appetite
D. Business impact analysis (BIA)

Question 80

Security administration efforts will be greatly reduced following the deployment of which of the following techniques?

Options:
A. Discretionary access control
B. Role-based access control
C. Access control lists
D. Distributed access control

Question 81

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?

Options:
A. Evaluate privacy technologies required for data protection.
B. Encrypt all personal data stored on systems and networks.
C. Update disciplinary processes to address privacy violations.
D. Create an inventory of systems where personal data is stored.

Question 82

Which of the following is the FIRST step to establishing an effective information security program?

Options:
A. Conduct a compliance review.
B. Assign accountability.
C. Perform a business impact analysis (BIA).
D. Create a business case.

Question 83

When developing an asset classification program, which of the following steps should be completed FIRST?

Options:
A. Categorize each asset.
B. Create an inventory.
C. Create a business case for a digital rights management tool.
D. Implement a data loss prevention (DLP) system.

Question 84

Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?

Options:
A. Security policy
B. Risk management framework
C. Risk appetite
D. Security standards

Question 85

Which of the following would BEST ensure that security is integrated during application development?

Options:
A. Employing global security standards during development processes
B. Providing training on secure development practices to programmers
C. Performing application security testing during acceptance testing
D. Introducing security requirements during the initiation phase

Question 86

Which of the following is the BEST evidence of alignment between corporate and information security governance?

Options:
A. Security key performance indicators (KPIs)
B. Project resource optimization
C. Regular security policy reviews
D. Senior management sponsorship

Question 87

In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?

Options:
A. Revise the policy.
B. Perform a root cause analysis.
C. Conduct a risk assessment.
D. Communicate the acceptable use policy.

Question 88

Which of the following is the BEST approach for governing noncompliance with security requirements?

Options:
A. Base mandatory review and exception approvals on residual risk.
B. Require users to acknowledge the acceptable use policy.
C. Require the steering committee to review exception requests.
D. Base mandatory review and exception approvals on inherent risk.

Question 89

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

Options:
A. Conduct an impact assessment.
B. Isolate the affected systems.
C. Rebuild the affected systems.
D. Initiate incident response.

Question 90

Which of the following provides the BEST assurance that security policies are applied across business operations?

Options:
A. Organizational standards are included in awareness training.
B. Organizational standards are enforced by technical controls.
C. Organizational standards are required to be formally accepted.
D. Organizational standards are documented in operational procedures.
