Isaca CISM Quiz 65 Topic 5 Questions 321-325

Question: 1

Which of the following is the BEST way to determine if a recent investment in access control software was successful?

AA comparison of security incidents before and after software installation

BA business impact analysis (BIA) of the systems protected by the software

CSenior management acceptance of the access control software

DA review of the number of key risk indicators (KRIs) implemented for the software

Show Answer

Question: 2

Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?

ASWOT analysis

BBalanced scorecard

CCost-benefit analysis

DIndustry benchmarks

Show Answer

Question: 3

Which of the following is the MOST important objective of testing a security incident response plan?

AEnsure the thoroughness of the response plan.

BVerify the response assumptions are valid.

CConfirm that systems are recovered in the proper order.

DValidate the business impact analysis (BIA).

Show Answer

Question: 4

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

AEstablish an audit committee.

BConduct a threat analysis.

CImplement an information security awareness training program.

DCreate an information security steering committee.

Show Answer

Question: 5

An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?

AControl owner responses based on a root cause analysis

BAn accountability report to initiate remediation activities

CThe impact of noncompliance on the organization's risk profile

DA plan for mitigating the risk due to noncompliance

Show Answer

Isaca CISM Quiz:65 Topic:5 Questions:321-325