Isaca CISM Quiz 95 Topic 1 Questions 471-475

Question: 1

Which of the following should be PRIMARILY included in a security training program for business process owners?

AApplication recovery time

BImpact of security risks

CApplication vulnerabilities

DList of security incidents reported

Show Answer

Question: 2

Which of the following MOST effectively prevents internal users from modifying sensitive data?

ANetwork segmentation

BRole-based access controls

CMulti-factor authentication -

DAcceptable use policies

Show Answer

Question: 3

A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

Aremain unchanged to avoid variations across the organization

Bbe updated to address emerging threats and vulnerabilities.

Cbe changed for different subsets of the systems to minimize impact,

Dnot deviate from industry best practice baselines.

Show Answer

Question: 4

Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Ahas a clearly defined charier and meeting protocols.

Bincludes a mix of members from all levels of management.

Cconducts frequent reviews of the security policy.

Dhas established relationships with external professionals.

Show Answer

Question: 5

An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month,

though no systems have actually been compromised. Which of the following should the information security manager do FIRST?

AReport the increase in hacking attempts to senior management.

BValidate the events identified by the IPS.

CAdd more resources to monitor IPS alerts.

DAssess the risk associated with the hacking attempts.

Show Answer

Isaca CISM Quiz:95 Topic:1 Questions:471-475