Isaca CISM Quiz 45 Topic 1 Questions 221-225

Question: 1

Which of the following should be an information security manager's.

MOST important consideration when determining if an information asset has been classified appropriately?

ASecurity policy requirements

BLevel of protection

CValue to the business

DOwnership of information

Show Answer

Question: 2

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?

ADetermine the cost to remediate the noncompliance.

BAssess the business impact to the organization,

CPresent the noncompliance risk to senior management.

DInvestigate alternative options to remediate the noncompliance.

Show Answer

Question: 3

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

AConfiguration management

BRisk management

CChange management

DAccess control management

Show Answer

Question: 4

In a multinational organization, local security regulations should be implemented over global security policy because:

Arequirements of local regulations take precedence

Bbusiness objectives are defined by local business unit managers.

Cdeploying awareness of local regulations is more practical than of global policy

Dglobal security policies include unnecessary controls for local businesses.

Show Answer

Question: 5

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

APerform a cost-benefit analysis.

BCalculate the total cost of ownership (TCO).

CConduct a feasibility study,

DDefine the issues to be addressed.

Show Answer

Isaca CISM Quiz:45 Topic:1 Questions:221-225