New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Top Tips for Passing the Isaca CISM Exam on Your First Try

Questions 106

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

Options:
A.

Formalizing a security strategy and program

B.

Developing an awareness program for staff

C.

Ensuring current documentation of security processes

D.

Establishing processes within the security operations team

Isaca CISM Premium Access
Questions 107

When properly implemented, secure transmission protocols protect transactions:

Options:
A.

from eavesdropping.

B.

from denial of service (DoS) attacks.

C.

on the client desktop.

D.

in the server's database.

Questions 108

The BEST way to identify the risk associated with a social engineering attack is to:

Options:
A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Questions 109

Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Options:
A.

Providing ongoing training to the incident response team

B.

Implementing proactive systems monitoring

C.

Implementing a honeypot environment

D.

Updating information security awareness materials

Questions 110

Which of the following activities MUST be performed by an information security manager for change requests?

Options:
A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Questions 111

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Options:
A.

Compatibility with legacy systems

B.

Application of corporate hardening standards

C.

Integration with existing access controls

D.

Unknown vulnerabilities

Questions 112

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

Options:
A.

Risk assessment

B.

Business impact analysis (BIA)

C.

Vulnerability assessment

D.

Industry best practices

Questions 113

The effectiveness of an information security governance framework will BEST be enhanced if:

Options:
A.

consultants review the information security governance framework.

B.

a culture of legal and regulatory compliance is promoted by management.

C.

risk management is built into operational and strategic activities.

D.

IS auditors are empowered to evaluate governance activities

Questions 114

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Options:
A.

Defining information stewardship roles

B.

Defining security asset categorization

C.

Assigning information asset ownership

D.

Developing a records retention schedule

Questions 115

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:
A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Questions 116

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability.

Before relying on this certification, it is MOST important that the information security manager confirms that the:

Options:
A.

current international standard was used to assess security processes.

B.

certification will remain current through the life of the contract.

C.

certification scope is relevant to the service being offered.

D.

certification can be extended to cover the client's business.

Questions 117

Which of the following BEST facilitates effective incident response testing?

Options:
A.

Including all business units in testing

B.

Simulating realistic test scenarios

C.

Reviewing test results quarterly

D.

Testing after major business changes

Questions 118

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Options:
A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Questions 119

Which of the following is MOST important for building 4 robust information security culture within an organization?

Options:
A.

Mature information security awareness training across the organization

B.

Strict enforcement of employee compliance with organizational security policies

C.

Security controls embedded within the development and operation of the IT environment

D.

Senior management approval of information security policies

Questions 120

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Options:
A.

Data is encrypted in transit and at rest at the vendor site.

B.

Data is subject to regular access log review.

C.

The vendor must be able to amend data.

D.

The vendor must agree to the organization's information security policy,

Isaca Related Exams

How to pass Isaca CISA - Certified Information Systems Auditor Exam
How to pass Isaca CRISC - Certified in Risk and Information Systems Control Exam
How to pass Isaca CGEIT - Certified in the Governance of Enterprise IT Exam Exam
How to pass Isaca COBIT5 - COBIT 5 Foundation Exam Exam
How to pass Isaca CDPSE - Certified Data Privacy Solutions Engineer Exam
How to pass Isaca COBIT-2019 - COBIT 2019 Foundation Exam
How to pass Isaca NIST-COBIT-2019 - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam

Isaca Free Exams

Isaca Free Exams
Examstrack offers comprehensive free resources and practice tests for Isaca exams.