Isaca CISM Quiz 66 Topic 7 Questions 326-330

Question: 1

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

AInvoke the organization's incident response plan.

BSet up communication channels for the target audience

CCreate a comprehensive singular communication

DDetermine the needs and requirements of each audience.

Show Answer

Question: 2

Executive leadership becomes involved in decisions about information security governance.

Executive leadership views information security governance primarily as a concern of the information security management team. What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?

AEnsuring residual risk is within appetite

BEnsuring the application inventory is updated

CEnsuring a cost-benefit analysis is completed

DEnsuring senior management is aware of associated risk

Show Answer

Question: 3

The PRIMARY goal of the eradication phase in an incident response process is to:

Aprovide effective triage and containment of the incident.

Bremove the threat and restore affected systems.

Cmaintain a strict chain of custody.

Dobtain forensic evidence from the affected system.

Show Answer

Question: 4

Which of the following is the MOST effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders?

AImplement role-based access controls.

BRequire the use of login credentials and passwords.

CConduct information security awareness training.

DCreate a data classification policy.

Show Answer

Question: 5

Which of the following would be MOST helpful when determining appropriate access controls for an application?

AEnd-user input

BIndustry best practices

CData criticality

DGap analysis results

Show Answer

Isaca CISM Quiz:66 Topic:7 Questions:326-330