Free Access to ISACA.CISM.v2022-02-28.q183 with Valid Practice Test (Page 18)

Question 81

Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

A.The patch should be validated a hash algorithm.
B.The patch should be deployed quickly to systems that are vulnerable.
C.The patch should be evaluated in a testing environment.
D.The patch should be applied to critical systems.

Question 82

Which of the following is MOST important in developing a security strategy?

A.Creating a positive business security environment
B.Understanding key business objectives
C.Having a reporting line to senior management
D.Allocating sufficient resources to information security

Question 83

Information security managers should use risk assessment techniques to:

A.justify selection of risk mitigation strategies.
B.maximize the return on investment (ROD.
C.provide documentation for auditors and regulators.
D.quantify risks that would otherwise be subjective.

Question 84

When developing security processes for handling credit card data on the business unit's information system, the information security manager should

A.review industry's best practices for handling secure payments.
B.review corporate policies regarding credit card information.
C.implement the credit card companies' security requirements.
D.ensure that systems handle credit card data are segmented.

Question 85

A business previously accepted the risk associated with a zero-day vulnerability. The same vulnerability was recently exploited in a high-profile attack on another organization in the same industry. Which of the following should be the information security manager's FIRST course of action?

A.Report the breach of the other organization to senior management.
B.Develop best and worst case scenarios.
C.Reassess the risk in terms of likelihood and impact.
D.Evaluate the cost of remediating the vulnerability.

Question 81

Question 82

Question 83

Question 84

Question 85

Download PDF File