Isaca CISM Quiz 315 Topic 1 Questions 1571-1575

Question: 1

Which of the following is the BEST methodology to manage access nghts?

AMandatory access control

BZero trust model

CTwo-factor authentication

DDiscretionary access control

Show Answer

Question: 2

A senior executive asks the information security manager to bypass the organization's Internet traffic filters due to a business need.

Which of the following should be the information security manager's NEXT course of action?

ADeny the request as noncompliant with policy

BAccept the request immediately based on the business criticality.

CNotify the IT network manager and make an approval decision jointly.

DDocument the risk and mark for future review.

Show Answer

Question: 3

An organization must meet rigorous breach reporting standards in order to comply with regulatory requirements. Which of the following

is the BEST way to minimize the organization's financial exposure if a service provider experiences a breach?

AInclude the reporting requirements in the provider contract.

BRequire the provider to comply with organization's information security policy.

CReview the reporting requirements and processes contained in the provider's policies.

DVerify the provider has automated reporting processes in place.

Show Answer

Question: 4

Which of the following is the MOST important consideration when designing a disaster recovery test?

AThe test fully recovers the storage infrastructure

BThe test assesses the adequacy of network redundancy.

CThe test includes the recovery time objectives (RTOs).

DThe test addresses critical business functions.

Show Answer

Question: 5

Which of the following is the MOST efficient tool for identifying advanced persistent threats (APTs)?

ASecurity incident and event management (SIEM) tool

BWeb application firewall

CIntrusion detection system (IDS)

DInternet gateway filter

Show Answer

Isaca CISM Quiz:315 Topic:1 Questions:1571-1575