Isaca CISM Quiz 29 Topic 3 Questions 141-145

Question: 1

An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?

AEnable activity logging.

BDevelop an incident response plan.

CInstall biometric access control.

DDefine data retention criteria.lag

Show Answer

Question: 2

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

AKey performance indicators (KPIs)

BBusiness impact analysis (BIA) results

CIndustry benchmarks

DRisk assessment results

Show Answer

Question: 3

To set security expectations across the enterprise, it is MOST important

for the information security policy to be regularly reviewed and endorsed by:

Asenior management.

Bsecurity administrators.

Cthe chief information security officer (CISQ).

Dthe IT steering committee.

Show Answer

Question: 4

It is MOST important for an information security manager to ensure that security risk assessments are performed:

Aduring a root cause analysis

Bconsistently throughout the enterprise.

Cas part of the security business case.

Din response to the threat landscape.

Show Answer

Question: 5

Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?

ANotify legal and internal audit of the noncompliant legacy application.

BDevelop a business case for funding remediation efforts.

CAdvise senior management to accept the risk of noncompliance.

DAssess the consequences of noncompliance against the cost of remediation.

Show Answer

Isaca CISM Quiz:29 Topic:3 Questions:141-145