Isaca CISM Quiz 15 Topic 3 Questions 71-75

Question: 1

The BEST indication of a change in risk that may negatively impact an organization is an increase

Asecurity incidents reported by staff to the information security team.

Balerts triggered by the security information and event management (SIEM) solution.

Cevents logged by the intrusion detection system (IDS).

Dmalware infections detected by the organization's anti-virus software.

Show Answer

Question: 2

Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

AApply the latest patch programs to the production operating systems.

BImplement controls for continuous monitoring of middleware transactions.

CSet up an agent to run a virus-scanning program across platforms.

DEnsure that proper controls exist for code review and release management.

Show Answer

Question: 3

A measure of the effectiveness of the incident response capabilities of an organization is the:

Areduction of the annual loss expectancy (ALE).

Btime to closure of incidents.

Cnumber of employees receiving incident response training.

Dnumber of incidents detected.

Show Answer

Question: 4

Which of the following is MOST important for an organization to have in place to determine the effectiveness of information security governance?

AKey risk indicators (KRIs)

BSecurity strategy

CProgram metrics

DRisk register

Show Answer

Question: 5

The PRIMARY purpose of an information security governance framework is to ensure that the information security strategy is an extension of:

Ainformation technology strategies.

Borganizational strategies.

Capproved business cases.

Dformal enterprise architecture.

Show Answer

Isaca CISM Quiz:15 Topic:3 Questions:71-75