Isaca CISM Quiz 226 Topic 2 Questions 1126-1130

Question: 1

Which of the following should be an information security managers FIRST course of action following a decision to implement a new technology?

ADetermine security controls needed to support the new technology.

BPerform a business impact analysis (BIA) on the new technology.

CDetermine whether the new technology will comply with regulatory requirements.

DPerform a return-on-investment (R01) analysis for the new technology.

Show Answer

Question: 2

Which of the following is MOST important when establishing a successful information security governance framework?

ADeveloping an Information security strategy

BIdentifying information security risk scenarios

CSelecting information security steering committee members

DDetermining balanced scorecard metrics for information security

Show Answer

Question: 3

Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?

AAssess the noncompliance risk.

BNotify the affected business units.

CEvaluate the changes with legal counsel.

DInform senior management of the new regulation.

Show Answer

Question: 4

What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?

ADetermine the impact of the breach.

BEngage an audit of the provider's data center.

CApply remediation actions to counteract the breach.

DRecommend canceling the outsourcing contract.

Show Answer

Question: 5

Vulnerability scanning has detected a critical risk in a vital business application. Which of the following should the information security manager do FIRST?

AReport the business risk to senior management.

BConfirm the risk with the business owner.

CCreate an emergency change request

DUpdate the risk register.

Show Answer

Isaca CISM Quiz:226 Topic:2 Questions:1126-1130