Isaca CISM Quiz 251 Topic 1 Questions 1251-1255

Question: 1

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST

Atransfer risk to a third party to avoid cost of impact

Brecommend that management avoids the business activity

Cimplement controls to mitigate the risk to an acceptable level

Dassess the gap between current and acceptable level of risk

Show Answer

Question: 2

An application system stores customer confidential data and encryption is not practical. The BEST measure to protect against data disclosure is:

Anondisclosure agreements (NDA).

Bsingle sign-on.

Cmulti-factor access controls.

Dregular review of access logs.

Show Answer

Question: 3

Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability to.

Asocial engineering.

Bphishing.

Cbrute force attacks.

Ddenial of service.

Show Answer

Question: 4

What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?

AMetrics of key information security deliverables

BA list of monitored threats, risks and exposures

CDrafts of proposed policy changes

DUpdates on information security projects in development

Show Answer

Question: 5

An information security manager learns of a new international standard related to information security. Which of the following would be the BEST course of action?

AReview industry peers responses to the new standard.

BConsult with legal counsel on the standard's applicability to regulations

CDetermine whether the organization can benefit from adopting the new standard.

DPerform a gap analysis between the new standard and existing practices.

Show Answer

Isaca CISM Quiz:251 Topic:1 Questions:1251-1255