Isaca CISM Quiz 48 Topic 5 Questions 236-240

Question: 1

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

ATo estimate the recovery time objective (RTO)

BTo provide metrics ta senior management

CTo assess service level agreements (SLAs)

DTo evaluate how personnel react to the situation

Show Answer

Question: 2

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

ADefining information security requirements with internal IT

BRequiring regular reporting frame the IT service provider

CRequiring an external security audit of the IT service provider

DDefining the business recovery plan with the IT service provider

Show Answer

Question: 3

Which of the following BEST determines what information should be shared with different entities during incident response?

ADisaster recovery policy

BCommunication plan

CBusiness continuity plan (BCP)

DEscalation procedures

Show Answer

Question: 4

Which of the following is MOST important when selecting an information security matric?

ADefining the metric in qualitative terms

BEnsuring the metric is repeatable

CAligning the metric to the IT strategy

DDefining the metric in quantitative terms

Show Answer

Question: 5

Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?

AThe ability to reduce risk in the supply chain

BThe ability to define service level agreements (SLAs)

CThe ability to meet industry compliance requirements

DThe ability to improve vendor performance

Show Answer

Isaca CISM Quiz:48 Topic:5 Questions:236-240