Isaca CISM Quiz 55 Topic 1 Questions 271-275

Question: 1

Which of the following is the MOST important consideration in a bring your own device (BYOD) program to protect company data in the event of a loss?

AThe ability to classify types of devices

BThe ability to remotely locate devices

CThe ability to centrally manage devices

DThe ability to restrict unapproved applications

Show Answer

Question: 2

Which of the following provides the MOST useful information for identifying security control gaps on an application server?

AThreat models

BRisk assessments

CPenetration testing

DInternal audit reports

Show Answer

Question: 3

Which of the following is the MOST important reason for an organization to develop an information security governance program?

AEstablishment of accountability

BMonitoring of security incidents

CCreation of tactical solutions

DCompliance with audit requirements

Show Answer

Question: 4

An Tan security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. Which of the following should the information security manager do FIRST?

APerform a business impact analysis (BIA).

BNotify senior management.

CImplement mitigating controls.

DPerform a risk assessment.

Show Answer

Question: 5

When defining and communicating roles and responsibilities between an organization and cloud service provider, which of the following situations would present the GREATEST risk to the organization's ability to ensure information risk is managed appropriately?

AThe service agreement results in unnecessary duplication of effort because shared responsibilities have not been clearly defined.

BThe organization and provider identified multiple information security responsibilities that neither party was planning to provide.

CThe service agreement uses a custom-developed RACI instead of an industry
standard RACI to document responsibilities.

DThe organization believes the provider accepted responsibility for issues affecting
security that the provider did not accept.

Show Answer

Isaca CISM Quiz:55 Topic:1 Questions:271-275