Isaca CISM Quiz 20 Topic 4 Questions 96-100

Question: 1

Which of the following is MOST important to include when reporting information security risk to executive leadership?

AKey performance objectives and budget trends

BSecurity awareness training participation and residual risk exposures

CRisk analysis results and key risk indicators (KRIs)

DInformation security risk management plans and control compliance

Show Answer

Question: 2

Which of the following is MOST important to include in an information security status report to senior management?

AKey risk indicators (KRIs)

BReview of information security policies

CList of recent security events

DInformation security budget requests

Show Answer

Question: 3

Audit trails of changes to source code and object code are BEST tracked through:

Ajob control statements.

Bcode review.

Cuse of compilers.

Dprogram library software.

Show Answer

Question: 4

When developing a tabletop test plan for incident response testing, the PRIMARY purpose of the scenario should be to:

Achallenge the incident response team to solve the problem under pressure.

Bgive the business a measure of the organization's overall readiness.

Cmeasure management engagement as part of an incident response team.

Dprovide participants with situations to ensure understanding of their roles.

Show Answer

Question: 5

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the

following would MOST effectively allow the hospital to avoid paying the ransom?

AA continual server replication process

BEmployee training on ransomware

CA property configured firewall

Dproperly tested offline backup system

Show Answer

Isaca CISM Quiz:20 Topic:4 Questions:96-100