Isaca CISM Quiz 94 Topic 4 Questions 466-470

Question: 1

Which of the following is the MOST important reason for an organization to communicate to affected parties that a security has occurred?

ATo improve awareness of information security

BTo disclose the root cause of the incident

CTo increase goodwill towards the organization

DTo comply with regulations regarding notification

Show Answer

Question: 2

When developing metrics related to an organization's information security program, what information will provide the MOST value to

enable strategic decision-making?

AHow many security incidents are reported each month

BHow well information security risk is being predicted

CHow long it takes security incidents to be closed

DHow frequently the information security risk register is updated

Show Answer

Question: 3

An organization Is storing accounting data in an external cloud environment. Which of the following is the MOST important riskrelated consideration?

AAvailability of audit logs

BAccess to physical servers hosting the data

CAccess authorization to the data

DData backup capabilities

Show Answer

Question: 4

An information security manager is reviewing a contract with a third-party service provider. Which of the following issues should be of MOST concerm?

AThe provider lacks compliance certification.

BPenalties for breach of contract are not defined.

CThe provider states the client is responsible for data classification.

DThere is no provision for a right to audit.

Show Answer

Question: 5

Which of the following is the PRIMARY objective of an incident response plan?

ATo communicate escalation procedures

BTo minimize business disruption

CTo establish appropriate service level agreements (SLAs)

DTo define roles and responsibilities

Show Answer

Isaca CISM Quiz:94 Topic:4 Questions:466-470