Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 161

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

A.

Adopt the cloud provider ' s incident response procedures.

B.

Transfer responsibility for incident response to the cloud provider.

C.

Continue using the existing incident response procedures.

D.

Revise incident response procedures to encompass the cloud environment.

Full Access
Question # 162

An organization is in the process of selecting a third party to process customer information. Which of the following provides the BEST evidence that the third party’s controls will operate as required?

A.

Results of incident response tests

B.

An independent assessment

C.

An external vulnerability assessment

D.

An information security questionnaire

Full Access
Question # 163

Which of the following BEST indicates that an information security governance framework has been successfully implemented?

A.

The framework aligns internal and external resources.

B.

The framework aligns security processes with industry best practices.

C.

The framework aligns management and other functions within the security organization.

D.

The framework includes commercial off-the-shelf security solutions.

Full Access
Question # 164

A backdoor has been identified that enabled a cyberattack on an organization’s systems. Integrating which of the following into the software development life cycle would BEST enable the organization to mitigate similar attacks in the future?

A.

Enhanced user acceptance testing (UAT)

B.

Separation of duties

C.

Customized developer training

D.

Vulnerability testing

Full Access
Question # 165

Which of the following should be done FIRST when developing an information security strategy?

A.

Identify owners of information assets

B.

Develop security policies and standards

C.

Determine the desired state of information security

D.

Establish an information security steering committee

Full Access
Question # 166

Which of the following MOST effectively identifies the organization’s ability to comply with legal, regulatory, and contractual requirements?

A.

Vulnerability scan

B.

Control self-assessment (CSA)

C.

Gap analysis

D.

Risk assessment

Full Access
Question # 167

Which of the following would BEST mitigate accidental data loss events?

A.

Conduct periodic user awareness training.

B.

Obtain senior management support for the information security strategy.

C.

Conduct a data loss prevention (DLP) audit.

D.

Enforce a data hard drive encryption policy.

Full Access
Question # 168

Which of the following should be triggered FIRST when unknown malware has infected an organization ' s critical system?

A.

Incident response plan

B.

Disaster recovery plan (DRP)

C.

Business continuity plan (BCP)

D.

Vulnerability management plan

Full Access
Go to page: