Isaca CISM Quiz 13 Topic 6 Questions 61-65

Question: 1

The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of GREATEST concern?

AConflicting legal requirements

BVarying threat environments

CDisparate reporting lines

DDifferences in work culture

Show Answer

Question: 2

Which of the following is an Information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?

ATerminate the relationship with the vendor.

BUpdate the vendor risk assessment.

CEngage legal counsel.

DRenegotiate the vendor contract.

Show Answer

Question: 3

Which of the following clauses would represent the MOST significant potential exposure tf included in a contract with a third-party service provider?

AProvider liability for loss of data limited to cost of physical media

BProvider responsibility in a disaster limited to best reasonable efforts

CAccess to escrowed software restricted to specific conditions

DAudit rights limited to customer data and supporting infrastructure

Show Answer

Question: 4

Which of the following is an information security manager's BEST course of action to gain approval for investment in a technical control?

ACalculate the exposure factor.

BPerform a cost-benefit analysis.

CConduct a business impact analysis (BIA).

DConduct a risk assessment

Show Answer

Question: 5

What is the PRIMARY goal of an incident management program?

AMinimize impact to the organization.

BContain the incident.

CIdentify root cause.

DCommunicate to external entities.

Show Answer

Isaca CISM Quiz:13 Topic:6 Questions:61-65