Isaca CISM Quiz 24 Topic 1 Questions 116-120

Question: 1

An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?

AAssess the extent of the issue.

BInitiate contract renegotiation.

CNotify senior management of the issue.

DReport the issue to legal personnel.

Show Answer

Question: 2

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

AGuidelines

BAutomated controls

CStandards

DSecurity policies

Show Answer

Question: 3

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Aservice level agreements (SLAs).

Bsecurity metrics.

Crisk-reporting methodologies.

Dsecurity requirements for the process being outsourced.

Show Answer

Question: 4

Deciding the level of protection a particular asset should be given is BEST determined by:

Aa threat assessment.

Bthe corporate risk appetite.

Ca risk analysis.

Da vulnerability assessment.

Show Answer

Question: 5

Which of the following is the MOST relevant information to include in an information security risk report to facilitate senior management's understanding of impact to the organization?

ADetailed assessment of the security risk profile

BRisks inherent in new security technologies

CStatus of identified key security risks

DFindings from recent penetration testing

Show Answer

Isaca CISM Quiz:24 Topic:1 Questions:116-120