Isaca CISM Quiz 138 Topic 3 Questions 686-690

Question: 1

An information security manager has identified numerous violations of security policy which prohibits text messaging from personal devices to conduct official business following is the MOST effective way to reduce the number of violations?

AReport violations to senior management.

BProvide awareness training to end users.

CRequire management approval for policy exceptions.

DImplement a mobile device management (MDM) solution.

Show Answer

Question: 2

What is the BEST way for an information security manager to maintain continuous insight into the effectiveness of the organization's information security program?

AEstablish information security metrics.

BDevelop timely information security risk reporting.

CConduct quarterly penetration testing.

DSolicit feedback from end users

Show Answer

Question: 3

Which of the following measures BEST indicates an improvement in the information security program to stakeholders?

AA downward trend in reported security incidents

BAn increase in awareness training quiz pass rates

CA decrease in click rates during phishing simulations

DA reduction in reported viruses

Show Answer

Question: 4

Which of the following would be the BEST course of action to address a privileged user's unauthorized modifications to a security application?

AEnforce the security configuration and require the change to be reverted.

BReport the risk associated with the policy breach.

CImplement compensating controls to address the risk.

DUpdate the applicable security configuration to accommodate the modification

Show Answer

Question: 5

Which of the following should be the FIRST course of action when it becomes apparent that the recovery time objective (RTO) will not be met during incident response

AEscalate the emergency status rating.

BRequest additional financial recovery resources.

CNotify the risk management team.
D Modify the RTO as needed

Show Answer

Isaca CISM Quiz:138 Topic:3 Questions:686-690