Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 169

Which of the following activities is MOST appropriate to conduct during the eradication phase of a cyber incident response?

A.

Restore affected systems for normal operations.

B.

Mitigate exploited vulnerabilities to stop future incidents.

C.

Estimate the amount of damage caused by the incident.

D.

Isolate affected systems to prevent further damage

Full Access
Question # 170

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

A.

Escalate to the chief risk officer (CRO).

B.

Conduct a vulnerability analysis.

C.

Conduct a risk analysis.

D.

Determine compensating controls.

Full Access
Question # 171

Which of the following would be MOST helpful when creating information security policies?

A.

The information security framework

B.

Business impact analysis (BIA)

C.

Information security metrics

D.

Risk assessment results

Full Access
Question # 172

Which of the following is the MOST important reason for an information security manager to archive and retain the organization ' s electronic communication and email data?

A.

To track personal use of electronic communication by users

B.

To provide as evidence in legal proceedings when required

C.

To meet the requirements of global security standards

D.

To identify and scan attachments for malware

Full Access
Question # 173

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

A.

Assessing how peer organizations using the same technologies have been impacted

B.

Understanding the impact on existing resources

C.

Reviewing vendor contracts and service level agreements (SLAs)

D.

Developing training for end users to familiarize them with the new technology

Full Access
Question # 174

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

A.

Availability of resources

B.

Root cause analysis results

C.

Adverse effects on the business

D.

Legal and regulatory requirements

Full Access
Question # 175

The BEST way to identify the risk associated with a social engineering attack is to:

A.

monitor the intrusion detection system (IDS),

B.

review single sign-on (SSO) authentication lags.

C.

test user knowledge of information security practices.

D.

perform a business risk assessment of the email filtering system.

Full Access
Question # 176

The PRIMARY reason to properly classify information assets is to determine:

A.

appropriate encryption strength using a risk-based approach.

B.

the business impact if assets are compromised.

C.

the appropriate protection based on sensitivity.

D.

user access levels based on the need to know.

Full Access
Go to page: