Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 257

The information security manager of a multinational organization has been asked to consolidate the information security policies of its regional locations. Which of the following would be of

GREATEST concern?

A.

Varying threat environments

B.

Disparate reporting lines

C.

Conflicting legal requirements

D.

Differences in work culture

Full Access
Question # 258

Which of the following should be the PRIMARY objective of an information security governance framework?

A.

Provide a baseline for optimizing the security profile of the organization.

B.

Demonstrate senior management commitment.

C.

Demonstrate compliance with industry best practices to external stakeholders.

D.

Ensure that users comply with the organization ' s information security policies.

Full Access
Question # 259

A KEY consideration in the use of quantitative risk analysis is that it:

A.

aligns with best practice for risk analysis of information assets.

B.

assigns numeric values to exposures of information assets.

C.

applies commonly used labels to information assets.

D.

is based on criticality analysis of information assets.

Full Access
Question # 260

Which of the following documents should contain the INITIAL prioritization of recovery of services?

A.

IT risk analysis

B.

Threat assessment

C.

Business impact analysis (BIA)

D.

Business process map

Full Access
Question # 261

An information security manager developing an incident response plan MUST ensure it includes:

A.

an inventory of critical data.

B.

criteria for escalation.

C.

a business impact analysis (BIA).

D.

critical infrastructure diagrams.

Full Access
Question # 262

Which of the following is the BEST approach for managing user access permissions to ensure alignment with data classification?

A.

Enable multi-factor authentication on user and admin accounts.

B.

Review access permissions annually or whenever job responsibilities change

C.

Lock out accounts after a set number of unsuccessful login attempts.

D.

Delegate the management of access permissions to an independent third party.

Full Access
Question # 263

Which of the following BEST supports the adoption of effective information security practices throughout an organization?

A.

Business continuity measures

B.

A security-aware culture

C.

The latest security technologies

D.

Information security metrics

Full Access
Question # 264

Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?

A.

Disconnect the system from the network.

B.

Change passwords on the compromised system.

C.

Restore the system from a known good backup.

D.

Perform operation system hardening.

Full Access
Go to page: