Isaca CISM Exam - Topic 4 Question 49 Discussion

Actual exam question for Isaca's CISM exam
Question #: 49
Topic #: 4

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

Suggested Answer: A

Rosalia
4 months ago
Surprised that threat models aren't getting more love here!
upvoted 0 times
...
Dorsey
4 months ago
Internal audit reports can be useful too, though!
upvoted 0 times
...
Emelda
4 months ago
Wait, aren't penetration tests more effective for this?
upvoted 0 times
...
Hassie
4 months ago
Totally agree, they give a comprehensive view!
upvoted 0 times
...
Lacresha
5 months ago
I think risk assessments are key for identifying gaps.
upvoted 0 times
...
Devon
5 months ago
Threat models seem relevant, but I feel like penetration testing would give more direct evidence of vulnerabilities.
upvoted 0 times
...
Darrin
5 months ago
I remember practicing a question where risk assessments were highlighted as crucial for identifying security gaps. That might be the answer here.
upvoted 0 times
...
Malinda
5 months ago
I think internal audit reports might provide some insights, but I'm not sure if they're the most comprehensive for identifying gaps.
upvoted 0 times
...
Celestina
5 months ago
I’m a bit confused; I thought penetration testing was more about testing existing controls rather than identifying gaps. Maybe risk assessments are better?
upvoted 0 times
...
Cortney
5 months ago
Hmm, I'm a bit unsure about this one. The options seem to cover different aspects of managing an Oracle VM environment. I'll need to think through the purpose of priority and process cap % to figure out the right scenario.
upvoted 0 times
...
Margret
5 months ago
Okay, let me see. "Encryption and Key Management" sounds like it could be a control specification, but I think it's more likely a domain. I'll go with B.
upvoted 0 times
...
Reed
5 months ago
I think I can handle this one. I just need to figure out the right COUNTIFS function to use.
upvoted 0 times
...
