Isaca CISM Quiz 56 Topic 6 Questions 276-280

Question: 1

An organization has implemented a new security control in response to a recently discovered vulnerability. Several employees have voiced concerns that the control disrupts their ability to work. Which of the following is the information security manager's BEST course of action?

AEducate users about the vulnerability.

BReport the control risk to senior management.

CAccept the vulnerability.

DEvaluate compensating control options.

Show Answer

Question: 2

Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?

ARight-to-audit clause

BEscalation paths

CTermination language

DKey performance indicators (KPIs)

Show Answer

Question: 3

An organization has fallen victim to a spear-phishing attack that compromised the multi-factor authentication code. What is the information security manager's MOST important follow-up action?

AInstall client anti-malware solutions.

BImplement an advanced email filtering system.

CCommunicate the threat to users.

DImplement firewall blocking of known attack signatures.

Show Answer

Question: 4

Which of the following is the MOST effective method of determining security priorities?

AGap analysis

BThreat assessment

CImpact analysis

DVulnerability assessment

Show Answer

Question: 5

Which of the following is MOST important to ensuring that incident management plans are executed effectively?

AThe incident response team has the appropriate training.

BManagement support and approval has been obtained.

CAn incident response maturity assessment has been conducted.

DA reputable managed security services provider has been engaged.

Show Answer

Isaca CISM Quiz:56 Topic:6 Questions:276-280