Isaca CISM Quiz 71 Topic 4 Questions 351-355

Question: 1

Which of the following is the MOST important consideration when developing information security objectives?

AThey are regularly reassessed and reported to stakeholders.

BThey are identified using global security frameworks and standards.

CThey are approved by the IT governance function.

DThey are clear and can be understood by stakeholders.

Show Answer

Question: 2

A security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network. Which of the following is the BEST course of action?

AUpdate the risk register so that senior management is kept informed.

BRemove the rules that trigger the increased number of alerts.

CPresent a risk analysis with recommendations to senior management.

DEvaluate and update the Enterprise network security architecture.

Show Answer

Question: 3

Which of the following is necessary to determine what would constitute a disaster for an organization?

ARecovery strategy analysis

BBackup strategy analysis

CThreat probability analysis

DRisk analysis

Show Answer

Question: 4

Which of the following is the BEST way to build a risk-aware culture?

APeriodically test compliance with security controls and post results.

BPeriodically change risk awareness messages.

CEnsure that threats are communicated organization-wide in a timely manner.

DEstablish incentives and a channel for staff to report risks.

Show Answer

Question: 5

To implement effective continuous monitoring of IT controls, an information security manager needs to FIRST ensure:

Asecurity alerts are centralized.

Bperiodic scanning of IT systems is in place.

Cmetrics are communicated to senior management.

Dinformation assets have been classified.

Show Answer

Isaca CISM Quiz:71 Topic:4 Questions:351-355