Isaca CISM Quiz 28 Topic 7 Questions 136-140

Question: 1

The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

Aexplain the organization's preferred practices for security.

Bensure that all business units have the same strategic security goals.

Censure that all business units implement identical security procedures.

Dprovide evidence for auditors that security practices are adequate.

Show Answer

Question: 2

When scoping a risk assessment, assets need to be classified by:

Alikelihood and impact.

Bsensitivity and criticality

Credundancy and recoverability.

Dthreats and opportunities.

Show Answer

Question: 3

When supporting an organization's privacy officer, which of the following is the information security manager's PRIMARY role regarding privacy requirements?

AConducting privacy awareness programs

BMonitoring the transfer of private data

CEnsuring appropriate controls are in place

DDetermining data classification

Show Answer

Question: 4

Which of the following is the MOST essential element of an information security program?

ABenchmarking the program with global standards for relevance

BApplying project management practices used by the business

CPrioritizing program deliverables based on available resources

DInvolving functional managers in program development

Show Answer

Question: 5

An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action?

ADetermine the classification level of the information.

BBlock access to the cloud storage service.

CSeek business justification from the employee.

DInform higher management of a4 security breach.

Show Answer

Isaca CISM Quiz:28 Topic:7 Questions:136-140