Isaca CISM Quiz 213 Topic 7 Questions 1061-1065

Question: 1

When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:

Acommunicate the incident response process to stakeholders

Bmake tabletop testing more effective.

Cdevelop effective escalation and response procedures.

Dadequately staff and train incident response teams.

Show Answer

Question: 2

Which of the following threats is prevented by using token-based authentication?

ADenial of service attack over the network

BPassword sniffing attack on the network

CMan-in-the-middle attack on the client

DSession eavesdropping attack on the network

Show Answer

Question: 3

The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present:

Adetailed threat analysis results.

Bbusiness impact analysis (BIA) results.

Crisk treatment options.

Da risk heat map.

Show Answer

Question: 4

An inexperienced information security manager is relying on its internal audit department to design and implement key security controls. Which of the following is the GREATEST risk?

AConflict of interest

BInadequate audit skills

CViolation of the audit charter

DInadequate implementation of controls

Show Answer

Question: 5

Senior management has decided to accept a significant risk within a security remediation plan. Which of the following is the information security manager's BEST course of action?

AReport the risk acceptance to regulatory agencies.

BCommunicate the remediation plan to the board of directors.

CUpdate the risk register with the risk acceptance.

DRemediate the risk and document the rationale.

Show Answer

Isaca CISM Quiz:213 Topic:7 Questions:1061-1065