ISACA CISM Certified Information Security Manager Practice Exam-IV
QUESTION NO: 301 (1 point) Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?
A. User assessments of changes
B. Comparison of the program results with industry standards
C. Assignment of risk within the organization
D. Participation by all members of the organization
QUESTION NO: 302 (1 point) The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation.
B. identify threats and probabilities.
C. facilitate a thorough review of all IT-related risks on a periodic basis.
D. record the annualized financial amount of expected losses due to risks.
QUESTION NO: 303 (1 point) After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?
A. Define security metrics
B. Conduct a risk assessment
C. Perform a gap analysis
D. Procure security tools
QUESTION NO: 304 (1 point) Which of the following are the essential ingredients of a business impact analysis (BIA)?
A. Downtime tolerance, resources and criticality
B. Cost of business outages in a year as a factor of the security budget
C. Business continuity testing methodology being deployed
D. Structure of the crisis management team
QUESTION NO: 305 (1 point) A risk management approach to information protection is:
A. managing risks to an acceptable level, commensurate with goals and objectives.
B. accepting the security posture provided by commercial security products.
C. implementing a training program to educate individuals on information protection and risks.
D. managing risk tools to ensure that they assess all information protection vulnerabilities.
QUESTION NO: 306 (1 point) Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
A. Implement countermeasures.
B. Eliminate the risk.
C. Transfer the risk.
D. Accept the risk.
QUESTION NO: 307 (1 point) To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?
A. Conducting a qualitative and quantitative risk analysis.
B. Assigning value to the assets.
C. Weighing the cost of implementing the plan vs. financial loss.
D. Conducting a business impact analysis (BIA)
QUESTION NO: 308 (1 point) An information security organization should PRIMARILY:
A. support the business objectives of the company by providing security-related support services.
B. be responsible for setting up and documenting the information security responsibilities of the information security team members.
C. ensure that the information security policies of the company are in line with global best practices and standards.
D. ensure that the information security expectations are conveyed to employees.
QUESTION NO: 309 (1 point) When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts.
B. eliminating all vulnerabilities.
C. usage by similar organizations.
D. certification from a third party.
QUESTION NO: 310 (1 point) All risk management activities are PRIMARILY designed to reduce impacts to:
A. a level defined by the security manager.
B. an acceptable level based on organizational risk tolerance.
C. a minimum level consistent with regulatory requirements.
D. the minimum level possible.