Isaca CISM Quiz 41 Topic 4 Questions 201-205

Question: 1

An organization's operations have been significantly impacted by a cyber

attack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?

AImplement compensating controls.

BUpdate the incident response plan.

CConduct a lessons learned exercise,

DPerform a root cause analysis.

Show Answer

Question: 2

When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?

AInclude information security criteria as part of vendor selection.

BDevelop metrics for vendor performance.

CReview third-party reports of potential vendors

DInclude information security clauses in the vendor contract.

Show Answer

Question: 3

When designing security controls, it is MOST important to:

Aapply a risk-based approach.

Bevaluate the costs associated with the controls.

Cfocus on preventive controls.

Dapply controls to confidential information.

Show Answer

Question: 4

An information security manager discovers that the organization's new information security policy is not being followed across all departments, Which of the following should be of GREATEST concern to the information security manager?

ADifferent communication methods may be required for each business unit.

BThe corresponding controls are viewed as prohibitive to business operations.

CThe wording of the policy is not tailored to the audience.

DBusiness unit management has not emphasized the importance of the new policy.

Show Answer

Question: 5

Which of the following is the PRIMARY responsibility of an information security steering committee composed of management representation from business units?

APerform business impact analyses (BIAS).

BMonitor the treatment of information security risk.

COversee the execution of the information security strategy

DManage the implementation of the information security plan.

Show Answer

Isaca CISM Quiz:41 Topic:4 Questions:201-205