New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free Isaca CISM Practice Exam with Questions & Answers | Set: 5

Questions 61

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Options:
A.

the organization has the required funds to implement the plan.

B.

compliance with legal and regulatory requirements.

C.

staff participation in information security efforts.

D.

the plan aligns with corporate governance.

Isaca CISM Premium Access
Questions 62

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization Which of the following should be done FIRST?

Options:
A.

Inform senior management

B.

Re-evaluate the risk

C.

Implement compensating controls

D.

Ask the business owner for the new remediation plan

Questions 63

An information security manager has been notified about a compromised endpoint device Which of the following is the BEST course of action to prevent further damage?

Options:
A.

Wipe and reset the endpoint device.

B.

Isolate the endpoint device.

C.

Power off the endpoint device.

D.

Run a virus scan on the endpoint device.

Questions 64

To help ensure that an information security training program is MOST effective its contents should be

Options:
A.

focused on information security policy.

B.

aligned to business processes

C.

based on employees' roles

D.

based on recent incidents

Questions 65

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Options:
A.

Maintaining a repository base of security policies

B.

Measuring impact of exploits on business processes

C.

Facilitating the monitoring of risk occurrences

D.

Redirecting event logs to an alternate location for business continuity plan

Questions 66

To support effective risk decision making, which of the following is MOST important to have in place?

Options:
A.

Established risk domains

B.

Risk reporting procedures

C.

An audit committee consisting of mid-level management

D.

Well-defined and approved controls

Questions 67

Which of the following is the BEST indication of effective information security governance?

Options:
A.

Information security is considered the responsibility of the entire information security team.

B.

Information security controls are assigned to risk owners.

C.

Information security is integrated into corporate governance.

D.

Information security governance is based on an external security framework.

Questions 68

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

Options:
A.

increasing budget and staffing levels for the incident response team.

B.

implementing an intrusion detection system (IDS).

C.

revalidating and mitigating risks to an acceptable level.

D.

testing the business continuity plan (BCP).

Questions 69

Which of the following BEST enables an organization to transform its culture to support information security?

Options:
A.

Periodic compliance audits

B.

Strong management support

C.

Robust technical security controls

D.

Incentives for security incident reporting

Questions 70

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Options:
A.

Existence of a right-to-audit clause

B.

Results of the provider's business continuity tests

C.

Technical capabilities of the provider

D.

Existence of the provider's incident response plan

Questions 71

Which of the following is MOST important to convey to employees in building a security risk-aware culture?

Options:
A.

Personal information requires different security controls than sensitive information.

B.

Employee access should be based on the principle of least privilege.

C.

Understanding an information asset's value is critical to risk management.

D.

The responsibility for security rests with all employees.

Questions 72

Which of the following has The GREATEST positive impact on The ability to execute a disaster recovery plan (DRP)?

Options:
A.

Storing the plan at an offsite location

B.

Communicating the plan to all stakeholders

C.

Updating the plan periodically

D.

Conducting a walk-through of the plan

Questions 73

Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?

Options:
A.

Enhanced security monitoring and reporting

B.

Reduced control complexity

C.

Enhanced threat detection capability

D.

Reduction of organizational risk

Questions 74

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Options:
A.

Security risk assessment

B.

Security operations program

C.

Information security policy

D.

Business impact analysis (BIA)

Questions 75

An incident management team is alerted ta a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:

Options:
A.

notify the business process owner.

B.

follow the business continuity plan (BCP).

C.

conduct an incident forensic analysis.

D.

follow the incident response plan.

Isaca Related Exams

How to pass Isaca CISA - Certified Information Systems Auditor Exam
How to pass Isaca CRISC - Certified in Risk and Information Systems Control Exam
How to pass Isaca CGEIT - Certified in the Governance of Enterprise IT Exam Exam
How to pass Isaca COBIT5 - COBIT 5 Foundation Exam Exam
How to pass Isaca CDPSE - Certified Data Privacy Solutions Engineer Exam
How to pass Isaca COBIT-2019 - COBIT 2019 Foundation Exam
How to pass Isaca NIST-COBIT-2019 - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam

Isaca Free Exams

Isaca Free Exams
Examstrack offers comprehensive free resources and practice tests for Isaca exams.