Isaca CISM Quiz 129 Topic 6 Questions 641-645

Question: 1

Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?

AResults of a vulnerability scan

BResults of a security pokey review

CResults of a security risk assessment

DResults of a red team exercise

Show Answer

Question: 2

A potential security breach has been reported to an organization s help desk. Which of the following would be the PRIMARY role of the help desk in the incident response process?

ADocumentation

BTroubleshooting

CEscalation

DDeclaration of an incident

Show Answer

Question: 3

After a risk has been mitigated, which of the following is the BEST way to help ensure residual risk remains within an organization's established risk tolerance?

AConduct programs to promote user risk awareness

BMonitor the security environment for changes in risk.

CIntroduce new risk scenarios to test program effectiveness.

DPerform a business impact analysis (BIA).

Show Answer

Question: 4

When reporting to senior management on an information security vulnerability that could lead to a potential breach, what information is MOST likely to facilitate the decision-making process?

ACost to remediate

BRisk treatment options

CBusiness impact

DRegulatory requirements

Show Answer

Question: 5

Which of the following provides the BEST evidence that a recently established information security program is effective?

AThe number of reported incidents has increased

BSenior management has reported fewer junk emails

CRegular IT balanced scorecards are communicated

DThe number of tickets associated with IT incidents have stayed consistent

Show Answer

Isaca CISM Quiz:129 Topic:6 Questions:641-645