Isaca CISM Quiz 64 Topic 3 Questions 316-320

Question: 1

Which of the following BEST indicates the effectiveness of the vendor risk management process?

AIncrease in the percentage of vendors certified to a globally recognized security
standard

BIncrease in the percentage of vendors that have reported security breaches

CIncrease in the percentage of vendors conducting mandatory security training

DIncrease in the percentage of vendors with a completed due diligence review

Show Answer

Question: 2

What is the PRIMARY benefit of effective configuration management?

AReduced frequency of incidents

BImproved vulnerability management

CDecreased risk to the organization's systems

DStandardization of system support

Show Answer

Question: 3

A risk was identified during a risk assessment. The business process owner has chosen to accept the risk because the cost of remediation is greater than the projected cost of a worst-case scenario. What should be the information security manager's NEXT course of action?

AShutdown the business application.

BDetermine a lower-cost approach to remediation.

CDocument and escalate to senior management.

DDocument and schedule a date to revisit the issue.

Show Answer

Question: 4

For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?

AAmount of infection-related downtime

BNumber of virus infections detected

CAverage recovery time per incident

DNumber of downtime-related help desk calls

Show Answer

Question: 5

After a server has been attacked, which of the following is the BEST course of action?

AInitiate incident response.

BConduct a security audit.

CReview vulnerability assessment.

DIsolate the system.

Show Answer

Isaca CISM Quiz:64 Topic:3 Questions:316-320