Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

CISM Exam Dumps - Certified Information Security Manager

Go to page:
Question # 161

Which of the following BEST facilitates effective strategic alignment of security initiatives?

A.

The business strategy is periodically updated

B.

Procedures and standards are approved by department heads.

C.

Periodic security audits are conducted by a third-party.

D.

Organizational units contribute to and agree on priorities

Full Access
Question # 162

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

A.

Vulnerability assessment

B.

Asset classification

C.

Threat analysis

D.

Internal audit findings

Full Access
Question # 163

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

A.

Collect additional metrics.

B.

Perform a cost-benefit analysis.

C.

Submit funding request to senior management.

D.

Begin due diligence on the outsourcing company.

Full Access
Question # 164

A new risk has been identified in a high availability system. The BEST course of action is to:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Full Access
Question # 165

Which of the following should an information security manager do FIRST when noncompliance with security standards is identified?

A.

Report the noncompliance to senior management.

B.

Validate the noncompliance.

C.

Include the noncompliance in the risk register.

D.

Implement compensating controls to mitigate the noncompliance.

Full Access
Question # 166

An information security manager is working to incorporate media communication procedures into the security incident communication plan. It would be MOST important to include:

A.

a directory of approved local media contacts

B.

pre-prepared media statements

C.

procedures to contact law enforcement

D.

a single point of contact within the organization

Full Access
Question # 167

Which of the following BEST determines the allocation of resources during a security incident response?

A.

Senior management commitment

B.

A business continuity plan (BCP)

C.

An established escalation process

D.

Defined levels of severity

Full Access
Question # 168

If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:

A.

contact law enforcement.

B.

document the chain of custody.

C.

capture evidence using standard server-backup utilities.

D.

reboot affected machines in a secure area to search for evidence.

Full Access
Go to page: