Isaca CISM Quiz 283 Topic 6 Questions 1411-1415

Question: 1

Which of the following is the BEST way to measure the effectiveness of a newly implemented social engineering training program?

ATrack the trending of reported security incidents

BAdminister quizzes upon completion of training.

CTrack the trending of malware infections.

DTest end user response to simulated scenarios

Show Answer

Question: 2

Which of the following is the BEST method to obtain senior management buy-in for an information security investment?

ADemonstrating the reduction in risk

BProviding benchmark results from alternate vendors

CCommunicating the end-of-life support plan from vendor

DIncluding sign-off from key stakeholders

Show Answer

Question: 3

Which of the following is the BEST indication that an organization is able to comply with information security requirements?

AInternal audit has not identified significant information security findings

BMaturity assessments have been performed for key business processes.

CSenior management has approved the information security strategy.

DInformation security is included in business processes

Show Answer

Question: 4

A regulatory organization sends an email to an information security manager warning of an Impending cyber attack. What should the information security manager do FIRST?

ADetermine whether the attack is in progress.

BValidate the authenticity of the alert.

CReply asking for more details.

DAlert the network operations center

Show Answer

Question: 5

The Information security manager and senior management of a global financial institution have been notified of a potential breach to its database containing a large volume of sensitive information Which of the following should be done FIRST?

AAssess the possible impact

BIsolate the breached database.

CNotify law enforcement

DImplement mitigating controls.

Show Answer

Isaca CISM Quiz:283 Topic:6 Questions:1411-1415