
Isaca CISM Exam - Topic 5 Question 26 Discussion

Actual exam question for Isaca's CISM exam
Question #: 26
Topic #: 5

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

Suggested Answer: B

Contribute your Thoughts:

Marilynn
4 months ago
D feels too extreme, we should handle it internally first.
upvoted 0 times
...
Lenna
4 months ago
Surprised the patches weren't installed at all! How did that happen?
upvoted 0 times
...
Dorthy
4 months ago
C seems like a good move too, get the committee involved.
upvoted 0 times
...
Paulina
4 months ago
I think A is better, we need a plan first.
upvoted 0 times
...
Cory
5 months ago
Definitely B, the app owner needs to know the risks!
upvoted 0 times
...
Tayna
5 months ago
Reporting to the steering committee sounds like a good idea, but I wonder if that’s too far down the line. I think we should first communicate with the application owner, so option B seems right.
upvoted 0 times
...
Jonell
5 months ago
I feel like determining mitigation options with IT management is crucial, but it might not be the first thing to do. I lean towards option B, but I could be wrong.
upvoted 0 times
...
Martina
5 months ago
I'm not entirely sure, but I think we practiced a similar scenario where escalation was key. Maybe option D could be the right choice if the risk is severe enough?
upvoted 0 times
...
Tijuana
5 months ago
I remember discussing the importance of communication in risk management. I think option B might be the best first step to ensure the application owner understands the risks involved.
upvoted 0 times
...
Gene
5 months ago
Okay, I think I know the answer to this. The key is understanding that test analysis and design involve extracting information from the test basis, which can uncover defects.
upvoted 0 times
...
Margarita
5 months ago
I think this might be related to encryption, but I'm not entirely sure since it sounds like it could also be some sort of obfuscation.
upvoted 0 times
...
Antione
5 months ago
I feel pretty good about this one. The key is to maximize the camera's view of the people entering the store. That means it should be facing the entrance, either at eye level (B) or directly above (C). I'd probably go with B since that seems a bit more reliable.
upvoted 0 times
...
Noel
5 months ago
Wasn't there a practice question that mentioned spontaneous changes disrupting generalization? I'm really unsure if normalization is the right term here either.
upvoted 0 times
...
