Isaca CISM Quiz 17 Topic 3 Questions 81-85

Question: 1

Which of the following should be the PRIMARY driver for selecting and implementing appropriate controls to address the risk associated with weal user passwords?

AThe cost of risk mitigation controls

BThe organization's risk tolerance

CThe organization's culture

DDirection from senior management

Show Answer

Question: 2

The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?

AThe CISO reports to the CIO.

BThere was a lack of engagement with the business during development.

CThe strategy does not include a cost-benefit analysis.

DThe strategy does not comply with security standards.

Show Answer

Question: 3

Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?

AOpen-source reconnaissance

BIncident response experts from highly regarded peer organizations

CDisaster recovery consultants widely endorsed in industry forums

DRecognized threat intelligence communities

Show Answer

Question: 4

An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged.

Which of the following is the BEST automated control to resolve this issue?

AIntegrating automated service level agreement (SLA) reporting into the help desk ticketing system

BIntegrating incident response workflow into the help desk ticketing system

CImplementing automated vulnerability scanning in the help desk workflow

DChanging the default setting for all security incidents to the highest priority

Show Answer

Question: 5

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?

AConduct benchmarking.

BDetermine the disruption to the business.

CPerform a gap analysis.

DNotify the legal department.

Show Answer

Isaca CISM Quiz:17 Topic:3 Questions:81-85