Free Access to ISACA.CISM.v2022-02-28.q183 with Valid Practice Test (Page 20)

Question 91

Which is the BEST way for an organization to monitor security risk?

A.Using a dashboard to assess vulnerabilities
B.Analyzing key risk indicators (KRIs)
C.Analyzing key performance indicators (KPIs)
D.Using external risk intelligence services

Question 92

A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

A.Enable access through a separate device that requires adequate authentication
B.Implement manual procedures that require password change after each use
C.Request the vendor to add multiple user IDs
D.Analyze the logs to detect unauthorized access

Question 93

In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:

A.original cost to acquire.
B.cost of the software stored.
C.annualized loss expectancy (ALE).
D.cost to obtain a replacement.

Question 94

When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

A.this is a requirement of the security policy.
B.software licenses may expire in the future without warning.
C.the asset inventory must be maintained.
D.service level agreements may not otherwise be met.

Question 95

Which of the following should be the PRIMARY consideration for an information security manager when designing security controls for a newly acquired business application?

A.The IT security architecture framework
B.Known vulnerabilities in the application
C.Cost-benefit analysis of current controls
D.Business processes supported by the application

Question 91

Question 92

Question 93

Question 94

Question 95

Download PDF File