Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 217

An internal audit has revealed that a number of information assets have been inappropriately classified. To correct the classifications, the remediation accountability should be assigned to:

A.

the business users.

B.

the information owners.

C.

the system administrators.

D.

senior management.

Full Access
Question # 218

Which of the following BEST enables an organization to operate smoothly with reduced capacities when service has been disrupted?

A.

Crisis management plan

B.

Disaster recovery plan (DRP)

C.

Incident response plan

D.

Business continuity plan (BCP)

Full Access
Question # 219

Capacity planning would prevent:

A.

file system overload arising from distributed denial of service (DDoS) attacks.

B.

system downtime for scheduled security maintenance.

C.

application failures arising from insufficient hardware resources.

D.

software failures arising from exploitation of buffer capacity vulnerabilities.

Full Access
Question # 220

A new risk has been identified in a high availability system. The BEST course of action is to:

A.

Perform a cost-benefit analysis for mitigating controls

B.

Recommend risk acceptance to the business owner

C.

Develop and implement a plan to mitigate the identified risk

D.

Evaluate and prioritize the identified risk

Full Access
Question # 221

Reevaluation of risk is MOST critical when there is:

A.

resistance to the implementation of mitigating controls.

B.

a management request for updated security reports.

C.

a change in security policy.

D.

a change in the threat landscape.

Full Access
Question # 222

Who should be responsible for determining the level of data classification required for an application related to a new line of business?

A.

Data analyst

B.

Information security officer (ISO)

C.

Data custodian

D.

Data owners

Full Access
Question # 223

Which of the following should be the MOST important consideration when reviewing an information security strategy?

A.

Recent security incidents

B.

New business initiatives

C.

Industry security standards

D.

Internal audit findings

Full Access
Question # 224

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

A.

baseline security controls.

B.

benchmarking security metrics.

C.

security objectives.

D.

cost-benefit analyses.

Full Access
Go to page: