Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 249

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

A.

Management ' s business goals and objectives

B.

Strategies of other non-regulated companies

C.

Risk assessment results

D.

Industry best practices and control recommendations

Full Access
Question # 250

To improve the efficiency of the development of a new software application, security requirements should be defined:

A.

based on code review.

B.

based on available security assessment tools.

C.

after functional requirements.

D.

concurrently with other requirements.

Full Access
Question # 251

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

A.

Process owners

B.

End users

C.

Security architects.

D.

Corporate auditors

Full Access
Question # 252

The MOST important reason for an organization to establish a social media policy is to:

A.

Protect the company brand

B.

Increase employee productivity

C.

Monitor employee activity on the internet

D.

Prevent the spread of malware

Full Access
Question # 253

An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:

A.

organizational alignment

B.

IT strategy alignment

C.

threats to the organization

D.

existing control costs

Full Access
Question # 254

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

A.

Business impact analysis (BIA) results

B.

Vulnerability assessment results

C.

The business continuity plan (BCP)

D.

Recommendations from senior management

Full Access
Question # 255

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

A.

While responding to the incident

B.

During a tabletop exercise

C.

During post-incident review

D.

After a risk reassessment

Full Access
Question # 256

Which of the following activities MUST be performed by an information security manager for change requests?

A.

Perform penetration testing on affected systems.

B.

Scan IT systems for operating system vulnerabilities.

C.

Review change in business requirements for information security.

D.

Assess impact on information security risk.

Full Access
Go to page: