Isaca CISM Quiz 153 Topic 3 Questions 761-765

Question: 1

Which of the following should the information security manager do FIRST after a security incident has been reported?

AIdentify the scope and size of the affected environment.

BIdentify the possible source of attack.

CDetermine the degree of loss resulting from the incident.

DRetrieve the information needed to confirm the incident.

Show Answer

Question: 2

Which of the following is the FlRST step to promoting acceptable behavior with regard to information security throughout an organization?

AAutomate controls that enforce acceptable use.

BIncorporate information security standards into performance evaluations.

CRequire signed acknowledgment of acceptable use policies.

DConduct targeted acceptable use training for management and staff.

Show Answer

Question: 3

Which of the following is MOST important for an information security manager to consider when developing a new information security policy?

AOrganizational goals and objectives

BAlignment with industry standards

COrganizational culture and complexity

DInformation security budget allocation

Show Answer

Question: 4

Which of the following should an information security manager do FIRST when an organization plans to migrate all internally hosted applications to the cloud?

AAssess the risk associated with the cloud services.

BCreate an information security action plan.

CDetermine information security requirements for the cloud.

DDevelop key risk indicators (KRIs).

Show Answer

Question: 5

A business unit has updated its long-term business plan to include a strategy of upgrading information management system to increase productivity. To support this initiative, with the information security strategy?

Athe information security framework

BThe business strategy

CThe IT strategy

DIt risk assessment results

Show Answer

Isaca CISM Quiz:153 Topic:3 Questions:761-765