Isaca CISM Quiz 30 Topic 7 Questions 146-150

Question: 1

Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?

AConduct security reviews during design, testing, and implementation.

BDevelop good communications with the project management office (PMO).

CParticipate in project initiation, approval, and funding.

DIntegrate organization's security requirements into project

Show Answer

Question: 2

The BEST way to report to the board on the effectiveness of the information security program is to present:

Aa dashboard illustrating key performance metrics

Ba summary of the most recent audit findings.

BA report of cost savings from process improvements.

Cpeer-group industry benchmarks.

Show Answer

Question: 3

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

ACorresponding breaches associated with each vendor

BCompensating controls in place to protect information security

CCompliance requirements associated with the regulation

DCriticality of the service to the organization

Show Answer

Question: 4

Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?

ATo ensure that the mitigation effort does not exceed the asset value

BTo ensure that benefits are aligned with business strategies

CTo justify information security program activities

DTo present a realistic information security budget

Show Answer

Question: 5

An information security manager has identified that security risks are not being treated in a timely manner. Which of the following is the BEST way to address this situation?

AProvide regular updates about the current state of the risks.

BCreate mitigating controls to manage the risks.

CRe-perform risk analysis at regular intervals.

DAssign a risk owner to each risk.

Show Answer

Isaca CISM Quiz:30 Topic:7 Questions:146-150