Isaca CISM Quiz 60 Topic 4 Questions 296-300

Question: 1

An information security manager has identified a major security event with potential noncompliance implications. Who should be notified FIRST?

AInternal audit

BSenior management

CPublic relations team

DRegulatory authorities

Show Answer

Question: 2

An organization is developing a disaster recovery strategy and needs to identify each application's criticality so that the recovery sequence can be established. Which of the following is the BEST course of action?

ADocument the data flow and review the dependencies.

BPerform a business impact analysis (BIA) on each application.

CRestore the applications with the shortest recovery times first.

DIdentify which applications contribute the most cash flow.

Show Answer

Question: 3

Which of the following is the MOST important step when establishing guidelines for the use of social networking sites in an organization?

APerform a vulnerability assessment.

BDefine acceptable information for posting

CIdentify secure social networking sites.

DEstablish disciplinary actions for noncompliance.

Show Answer

Question: 4

An organization has established a bring your own device (BYOD) program. Which of the following is the MOST important security consideration when allowing employees to use personal devices for corporate applications remotely?

ASecurity awareness training

BSecure application development

CMobile operating systems support

DMandatory controls for maintaining security policy

Show Answer

Question: 5

An information security manager has identified the organization is not in compliance with new legislation that will soon be in effect. Which of the following is MOST important to consider when determining additional controls to be implemented?

AThe information security strategy

BThe cost of noncompliance

CThe organization's risk appetite

DThe information security policy

Show Answer

Isaca CISM Quiz:60 Topic:4 Questions:296-300