
Free Isaca CISM Practice Exam with Questions & Answers | Set: 13

Question 181

Which of the following is the PRIMARY benefit of an information security awareness training program?

Options:
A. Influencing human behavior
B. Evaluating organizational security culture
C. Defining risk accountability
D. Enforcing security policy

Question 182

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Options:
A. Incorporating lessons learned
B. Implementing an IT resilience solution
C. Implementing management reviews
D. Documenting critical business processes

Question 183

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

Options:
A. Manage business process changes.
B. Update business impact analyses (BIAs) on a regular basis.
C. Conduct periodic testing.
D. Review and update emergency contact lists.

Question 184

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

Options:
A. Authority of the subscriber to approve access to its data
B. Right of the subscriber to conduct onsite audits of the vendor
C. Commingling of subscribers' data on the same physical server
D. Escrow of software code with conditions for code release

Question 185

Which of the following is MOST important to the effectiveness of an information security steering committee?

Options:
A. The committee has strong regulatory knowledge.
B. The committee is comprised of representatives from senior management.
C. The committee has cross-organizational representation.
D. The committee uses a risk management framework.

Question 186

Which of the following is MOST important to maintain integration among the incident response plan, business continuity plan (BCP), and disaster recovery plan (DRP)?

Options:
A. Asset classification
B. Recovery time objectives (RTOs)
C. Chain of custody
D. Escalation procedures

Question 187

After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?

Options:
A. Calculating cost of the incident
B. Conducting a postmortem assessment
C. Performing an impact analysis
D. Preserving the evidence

Question 188

A business unit recently integrated the organization's new strong password policy into its business application, which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

Options:
A. Provide end-user training.
B. Escalate to senior management.
C. Continue to enforce the policy.
D. Conduct a business impact analysis (BIA).

Question 189

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Options:
A. Report the risk associated with the policy breach.
B. Enforce the security configuration and require the change to be reverted.
C. Implement compensating controls to address the risk.
D. Implement a privileged access management system.

Question 190

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:
A. The information security manager
B. The data custodian
C. Internal IT audit
D. The data owner

Question 191

An organization has acquired a new system with strict maintenance instructions and schedules. Where should this information be documented?

Options:
A. Standards
B. Policies
C. Guidelines
D. Procedures

Question 192

Which of the following should be done FIRST when implementing a security program?

Options:
A. Perform a risk analysis.
B. Implement data encryption.
C. Create an information asset inventory.
D. Determine the value of information assets.

Question 193

A newly appointed information security manager has been asked to update all security-related policies and procedures that have been static for five years or more. What should be done NEXT?

Options:
A. Gain an understanding of the current business direction.
B. Perform a risk assessment of the current IT environment.
C. Inventory and review current security policies.
D. Update in accordance with the best business practices.

Question 194

Which of the following metrics BEST demonstrates the effectiveness of an organization's security awareness program?

Options:
A. Number of security incidents reported to the help desk
B. Percentage of employees who regularly attend security training
C. Percentage of employee computers and devices infected with malware
D. Number of phishing emails viewed by end users

Question 195

Which of the following BEST indicates the organizational benefit of an information security solution?

Options:
A. Cost savings the solution brings to the information security department
B. Reduced security training requirements
C. Alignment to security threats and risks
D. Costs and benefits of the solution calculated over time
