Isaca CISM Quiz 110 Topic 6 Questions 546-550

Question: 1

A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager's FIRST course of action?

ADesign and document a new process

BUpdate the security policy

CPerform a risk assessment

DReport the issue to senior management

Show Answer

Question: 2

Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?

AImplement more stringent countermeasures.

BEvaluate whether an excessive level of control is being applied.

CAsk senior management to increase the acceptable risk levels

DAsk senior management to lower the acceptable risk levels

Show Answer

Question: 3

Which of the following should be the information security manager's NEXT step following senior management approval of the information security strategy?

ADevelop a security pokey.

BDevelop a budget

CPerform a gap analysis.

DForm a steering committee

Show Answer

Question: 4

The PRIMARY benefit of integrating information security risk into enterprise risk management is to:

Aensure timely risk mitigation.

Bjustify the information security budget

Cobtain senior management's commitment.

Dprovide a holistic view of risk

Show Answer

Question: 5

What is the MAIN reason for an organization to develop an incident response plan?

Identify training requirements for the incident response team.

Priorities treatment based on incident critically.

What is the MAIN reason for an organization to develop an incident response plan?

AIdentity training requirements for the incident response team.

BPrioritize treatment based on incident criticality.

CTrigger immediate recovery procedures.

DProvide a process for notifying stakeholders of trie incident.

Show Answer

Isaca CISM Quiz:110 Topic:6 Questions:546-550