Isaca CISM Quiz 61 Topic 5 Questions 301-305

Question: 1

Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program?

ALabeling is not consistent throughout the organization.

BThe program allows exceptions to be granted.

CData retention requirements are not defined.

DThe classifications do not fallow industry best practices.

Show Answer

Question: 2

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

Aescalation procedures.

Bdisaster recovery plan (DRP).

Cinformation security manager.

Show Answer

Question: 3

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

AConduct a risk assessment.

Binterview senior management.

Cconduct a cost-benefit analysis.

Dperform a gap analysis.

Show Answer

Question: 4

Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?

AThe incident response team

BAffected customers

CSenior management

DCloud service provider

Show Answer

Question: 5

An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

ACalculate security implementation costs.

BEvaluate service level agreements (SLAs).

CProvide cloud security requirements.

DReview cloud provider independent assessment reports.

Show Answer

Isaca CISM Quiz:61 Topic:5 Questions:301-305