Isaca CISM Quiz 27 Topic 3 Questions 131-135

Question: 1

Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?

ADevelop key performance indicators (KPIs) of information security.

BEnsure resources meet information security program needs.

CIdentify gaps impacting information security strategy.

DAudit the information security program to identify deficiencies.

Show Answer

Question: 2

The GREATEST benefit resulting from well-documented information security procedures is that they:

Aprovide a basis for auditing security practices.

Bfacilitate security training of new staff.

Censure processes can be followed by temporary staff.

Densure that security policies are consistently applied.

Show Answer

Question: 3

Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?

ATo facilitate the classification of an organization's IT assets

BTo streamline the risk analysis process

CTo prioritize available incident response resources

DTo facilitate root cause analysis of incidents

Show Answer

Question: 4

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

AProviding information security training to third-party personnel

BIncluding information security clauses within contracts

CRequiring third parties to sign confidentiality agreements

DAuditing the service delivery of third-party providers

Show Answer

Question: 5

The PRIMARY goal of a post-incident review should be to:

Adetermine how to improve the incident handling process.

Bidentify policy changes to prevent a recurrence

Cestablish the cost of the incident to the business.

Ddetermine why the incident occurred.

Show Answer

Isaca CISM Quiz:27 Topic:3 Questions:131-135