Free ISACA CISM Exam Dumps Questions & Answers

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

• A.  Wipe the device remotely.
• B.  Remove user's access to corporate data.
• C.  Report the incident to the police.
• D.  Prevent the user from using personal mobile devices.

A business requires a legacy version of an application to operate but the application cannot be patched. To limit the risk exposure to the business, a firewall is implemented in front of the legacy application. Which risk treatment option has been applied?

• A.  Avoid
• B.  Mitigate
• C.  Transfer
• D.  Accept

An information security manager learns that an existing supplier plans to begin using its recently developed generative AI technology for the same scope of service. A risk assessment was performed on the supplier three months ago with no outstanding findings. Which of the following is the BEST course of action to address the associated risk?

• A.  Report the change in risk to senior management
• B.  Review the results of the previous risk assessment
• C.  Suspend the use of the supplier until a risk assessment of the AI technology has been performed
• D.  Add an indemnity clause in the contractual agreement at the renewal stage

Which of the following should be the MOST important consideration of business continuity management?

• A.  Securing critical information assets
• B.  Ensuring the reliability of backup data
• C.  Ensuring human safety
• D.  Identifying critical business processes

Which of the following is the BEST justification for making a revision to a password policy?

• A.  Vendor recommendation
• B.  Industry best practice
• C.  Audit recommendation
• D.  A risk assessment