Isaca CISM Quiz 7 Topic 3 Questions 31-35

Question: 1

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

ADevelop a project plan to implement the strategy.

BReview alignment with business goals.

CObtain consensus on the strategy from the executive board.

DDefine organizational risk tolerance.

Show Answer

Question: 2

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the system?

ARemove all signs of the intrusion from the OS and application.

BRestore the OS, patches, and application from a backup.

CRestore the application and data from a forensic copy.

DInstall the OS, patches, and application from the original source.

Show Answer

Question: 3

When a critical system incident is reported, the FIRST step of the incident handler should be to:

Apower off the system.

Bnotify the appropriate parties.

Cdetermine the scope of the incident.

Dvalidate the incident.

Show Answer

Question: 4

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

AExamine firewall logs to identify the attacker.

BNotify the regulatory agency of the incident.

CImplement mitigating controls.

DEvaluate the impact to the business.

Show Answer

Question: 5

Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

AProviding information security policy training to the process owners

BIdentifying risks in the processes and managing those risks

CEnsuring that key controls are embedded in the processes

DAllocating sufficient resources

Show Answer

Isaca CISM Quiz:7 Topic:3 Questions:31-35