Free Isaca CISM Practice Exam with Questions & Answers | Set: 15

Question 211

Which of the following is the BEST justification for making a revision to a password policy?

Options:
A. Vendor recommendation
B. Audit recommendation
C. A risk assessment
D. Industry best practice

Question 212

After a server has been attacked, which of the following is the BEST course of action?

Options:
A. Initiate incident response.
B. Review vulnerability assessment.
C. Conduct a security audit.
D. Isolate the system.

Question 213

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Options:
A. After the incident has been contained
B. After the incident has been mitigated
C. After the incident has been confirmed
D. After the potential incident has been logged

Question 214

Which of the following factors would have the MOST significant impact on an organization's information security governance model?

Options:
A. Outsourced processes
B. Security budget
C. Number of employees
D. Corporate culture

Question 215

Which of the following should be the GREATEST concern for an information security manager when an annual audit reveals the organization's business continuity plan (BCP) has not been reviewed or updated in more than a year?

Options:
A. An outdated BCP may result in less efficient recovery if an actual incident occurs.
B. The organization may suffer reputational damage for not following industry best practices.
C. The audit finding may impact the overall risk rating of the organization.
D. The lack of updates to the BCP may result in noncompliance with internal policies.

Question 216

Which of the following BEST facilitates the reporting of useful information about the effectiveness of the information security program?

Options:
A. Risk heat map
B. Security benchmark report
C. Security metrics dashboard
D. Key risk indicators (KRIs)

Question 217

Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?

Options:
A. Disaster recovery plan (DRP)
B. Incident notification plan
C. Risk response scenarios
D. Security procedures

Question 218

Which of the following should be the NEXT step after a security incident has been reported?

Options:
A. Recovery
B. Investigation
C. Escalation
D. Containment

Question 219

An organization has identified a large volume of old data that appears to be unused. Which of the following should the information security manager do NEXT?

Options:
A. Consult the record retention policy.
B. Update the awareness and training program.
C. Implement media sanitization procedures.
D. Consult the backup and recovery policy.

Question 220

Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?

Options:
A. Network with peers in the industry to share information.
B. Browse the Internet to learn of potential events.
C. Search for anomalies in the environment.
D. Search for threat signatures in the environment.

Question 221

Which of the following BEST indicates the effectiveness of the vendor risk management process?

Options:
A. Increase in the percentage of vendors certified to a globally recognized security standard
B. Increase in the percentage of vendors with a completed due diligence review
C. Increase in the percentage of vendors conducting mandatory security training
D. Increase in the percentage of vendors that have reported security breaches

Question 222

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

Options:
A. Internal IT audit
B. The data custodian
C. The information security manager
D. The data owner

Question 223

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

Options:
A. Calculate the return on investment (ROI).
B. Provide security awareness training to HR.
C. Benchmark the processes with best practice to identify gaps.
D. Assess the business objectives of the processes.

Question 224

When developing an information security strategy for an organization, which of the following is MOST helpful for understanding where to focus efforts?

Options:
A. Gap analysis
B. Project plans
C. Vulnerability assessment
D. Business impact analysis (BIA)

Question 225

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Options:
A. After the incident has been mitigated
B. After the incident has been confirmed
C. After the potential incident has been logged
D. After the incident has been contained
