Free Isaca CISM Exam Dumps and CISM Exam Questions

Question No: 21

MultipleChoice

Which of the following is the MAJOR advantage of conducting a post-incident review? The review:

Options

Ahelps identify current and desired level of risk.

Bfacilitates reporting on actions taken during the incident process.

Chelps develop business cases for security monitoring tools.

Dprovides continuous process improvement.

Question No: 22

MultipleChoice

The security baselines of an organization should be based on:

Options

Apolicies.

Bprocedures.

Cguidelines.

Dstandards.

Question No: 23

MultipleChoice

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

Options

ABenchmarks of industry peers impacted by ransomware

BThe cost and associated risk reduction

CThe total cost of the investment

DThe number and severity of ransomware incidents

Question No: 24

MultipleChoice

An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:

Options

Athe business strategy includes exceptions to the encryption standard.

Bthe implementation supports the business strategy.

Cdata can be recovered if the encryption keys are misplaced.

Da classification policy has been developed to incorporate the need for encryption.

Question No: 25

MultipleChoice

During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?

Options

AThe incident response team leader

BThe resource specified in the incident response plan

CA dedicated public relations spokesperson

DThe resource designated by senior management

Question No: 26

MultipleChoice

Which of the following should be the PRIMARY outcome of an information security program?

Options

AThreat reduction

BStrategic alignment

CCost reduction

DRisk elimination

Question No: 27

MultipleChoice

Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

Options

ARatio of successful to unsuccessful tests

BNumber of published application-recovery plans

CRatio of recovery-plan documents to total applications

DRatio of tested applications to total applications

Question No: 28

MultipleChoice

Which of the following is MOST likely to be included in an enterprise information security policy?

Options

APassword composition requirements

BConsequences of noncompliance

CAudit trail review requirements

DSecurity monitoring strategy

Question No: 29

MultipleChoice

Which of the following would present the GREATEST need to revise information security poll'

Options

AImplementation of a new firewall

BAn increase in reported incidents

CA merger with a competing company

DChanges in standards and procedures

Question No: 30

MultipleChoice

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FWST step?

Options

ABenchmark the processes with best practice to identify gaps.

BIdentify information security risk associated with the processes

CAssess the business objectives of the processes

DEvaluate the cost of information security integration

Free Isaca CISM Exam Dumps - Page 3