Isaca CISM Quiz 176 Topic 3 Questions 876-880

Question: 1

A new mobile application is unable to adhere to the organization's authentication policy. Which of the following would be the information security manager's BEST course of action?

AProvide the estimated return on investment (ROI).

BProvide an analysis of current risk exposures.

CInclude industry benchmarking comparisons.

DInclude historical data of reported incidents.

Show Answer

Question: 2

The PRIMARY objective for using threat modeling in web application development should be to:

Adetermine if penetration testing is necessary.

Bbuild security into the design.

Cdevelop application development standards.

Dreview application source code.

Show Answer

Question: 3

Which of the following BEST demonstrates effective information security management within an organization?

AExcessive risk exposure in one department can be absorbed by other departments.

BEmployees support decisions made by information security management.

CInformation security governance is incorporated into organizational governance.

DControl ownership is assigned to parties who can accept losses related to control failure.

Show Answer

Question: 4

Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?

AConduct penetration testing

BExecute regular vulnerability scans.

CPerform an application vulnerability review,

DPerform an independent code review.

Show Answer

Question: 5

Which of the following should be an information security manager's FIRST course of action if notified by a third party that the organization's client data is being sold online?

AValidate whether the information is accurate.

BReport the incident to senior management

CShut down the applications that contain the client data.

DDetermine how the client data was compromised.

Show Answer

Isaca CISM Quiz:176 Topic:3 Questions:876-880