Month End Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 91

Which of the following is MOST critical when creating an incident response plan?

Options:
A.

Identifying vulnerable data assets

B.

Identifying what constitutes an incident

C.

Documenting incident notification and escalation processes

D.

Aligning with the risk assessment process

Isaca CISM Premium Access
Questions 92

Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?

Options:
A.

To identify the organization's risk tolerance

B.

To improve security processes

C.

To align security roles and responsibilities

D.

To optimize security risk management

Questions 93

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Options:
A.

Walk-through of the incident response plan

B.

Black box penetration test

C.

Simulated phishing exercise

D.

Red team exercise

Questions 94

Management decisions concerning information security investments will be MOST effective when they are based on:

Options:
A.

a process for identifying and analyzing threats and vulnerabilities.

B.

an annual loss expectancy (ALE) determined from the history of security events,

C.

the reporting of consistent and periodic assessments of risks.

D.

the formalized acceptance of risk analysis by management,

Questions 95

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Options:
A.

Including service level agreements (SLAs) in vendor contracts

B.

Establishing communication paths with vendors

C.

Requiring security awareness training for vendor staff

D.

Performing integration testing with vendor systems

Questions 96

An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?

Options:
A.

Determine which country's information security regulations will be used.

B.

Merge the two existing information security programs.

C.

Apply the existing information security program to the acquired company.

D.

Evaluate the information security laws that apply to the acquired company.

Questions 97

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Options:
A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Questions 98

Which of the following is PRIMARILY determined by asset classification?

Options:
A.

Insurance coverage required for assets

B.

Level of protection required for assets

C.

Priority for asset replacement

D.

Replacement cost of assets

Questions 99

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Options:
A.

enhance the organization's antivirus controls.

B.

eliminate the risk of data loss.

C.

complement the organization's detective controls.

D.

reduce the need for a security awareness program.

Questions 100

Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?

Options:
A.

Security policies

B.

Control effectiveness

C.

Security management processes

D.

Organizational culture

Questions 101

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Options:
A.

Security risk analysis

B.

Gap assessment

C.

Maturity assessment

D.

Vulnerability scan report

Questions 102

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Options:
A.

Disaster recovery plan (DRP)

B.

Incident response plan

C.

Business continuity plan (BCP)

D.

Business contingency plan

Questions 103

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

Options:
A.

Determine whether the organization can benefit from adopting the new standard.

B.

Obtain legal counsel's opinion on the standard's applicability to regulations,

C.

Perform a risk assessment on the new technology.

D.

Review industry specialists’ analyses of the new standard.

Questions 104

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

Options:
A.

Instruct the vendor to conduct penetration testing.

B.

Suspend the connection to the application in the firewall

C.

Report the situation to the business owner of the application.

D.

Initiate the organization's incident response process.

Questions 105

An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?

Options:
A.

Risk levels may be elevated beyond acceptable limits.

B.

Security audits may report more high-risk findings.

C.

The compensating controls may not be cost efficient.

D.

Noncompliance with industry best practices may result.

Isaca Related Exams

How to pass Isaca CISA - Certified Information Systems Auditor Exam
How to pass Isaca CRISC - Certified in Risk and Information Systems Control Exam
How to pass Isaca CGEIT - Certified in the Governance of Enterprise IT Exam Exam
How to pass Isaca COBIT5 - COBIT 5 Foundation Exam Exam
How to pass Isaca CDPSE - Certified Data Privacy Solutions Engineer Exam
How to pass Isaca COBIT-2019 - COBIT 2019 Foundation Exam
How to pass Isaca NIST-COBIT-2019 - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam

Isaca Free Exams

Isaca Free Exams
Examstrack offers comprehensive free resources and practice tests for Isaca exams.