Isaca CISM Quiz 298 Topic 2 Questions 1486-1490

Question: 1

Which of the following is the MOST significant advantage of developing a well-defined information security strategy?

ASupport for buy-in from organizational employees

BPrevention of deviations from risk tolerance thresholds

CAllocation of resources to highest priorities

DIncreased maturity of incident response processes

Show Answer

Question: 2

An information security manager has discovered that a business unit is planning on implementing a new

application and has not engaged anyone from the information security department. Which of the following is

the BEST course of action?

ABlock the application from going into production.

BDiscuss the issue with senior leadership.

CRecommend involvement with the change manager.

DReview and update the change management process

Show Answer

Question: 3

Which of the following is MOST important to have in place to effectively manage security incidents that could potentially escalate to disasters?

AAlignment of incident management activities with business continuity and disaster recovery plans

BSenior management commitment to funding the disaster recovery program

CWell-defined disaster recovery time and recovery point objectives (RTOs and RPOs)

DAn incident response team with a clear understanding of their roles and responsibilities

Show Answer

Question: 4

An information security manager has noticed a large number of security policy exceptions have been approved by business unit leaders. Which of the following would be the BEST course of action to address this situation?

AProvide security awareness training to business unit leaders more frequently.

BEnsure that business unit leaders are aware of the relevant risk.

CReport the exceptions as a security incident.

DRevise the security policy to accommodate the exceptions

Show Answer

Question: 5

An information security team has been tasked with identifying confidential data within the organization to formalize its asset classification scheme. The MOST relevant input would be provided by:

Athe chief information officer (CIO),

Bthe legal department.

Cdatabase administrators (DBAs).

Dbusiness process owners.

Show Answer

Isaca CISM Quiz:298 Topic:2 Questions:1486-1490