Isaca CISM Quiz 6 Topic 1 Questions 26-30

Question: 1

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

AThe individual who manages the process supported by the application.

BThe individual responsible for providing support for the application.

CThe individual who has the most privileges within the application

DThe individual who manages users of the application

Show Answer

Question: 2

Which of the following is the BEST justification for making a revision to a password policy?

AAudit recommendation

BIndustry best practice

CA risk assessment

DVendor recommendation

Show Answer

Question: 3

An organization's HR department requires that employee account privileges be removed from all corporate IT systems within three days of termination to comply with a government regulation. However, the systems all have different user directories, and it currently takes up to four weeks to remove the privileges. Which of the following would BEST enable regulatory compliance?

AGovernance, risk, and compliance (GRC) system

BPrivileged access management (PAM) system

CMulti-factor authentication (MFA) system

DIdentity and access management (1AM) system

Show Answer

Question: 4

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?

AEstablish a capability maturity model.

BPerform a skills gap analysis.

CDevelop a training plan.

DConduct a risk assessment.

Show Answer

Question: 5

Which of the following is the MOST important output from a post-incident review?

ARevised business impact analysis (BIA)

BCompilation of incident-related costs

CRepository of digital forensic artifacts

DDocumentation of lessons learned

Show Answer

Isaca CISM Quiz:6 Topic:1 Questions:26-30