Free Access to ISACA.CISM.v2022-02-28.q183 with Valid Practice Test (Page 3)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2022-02-28.q183 Dumps

«
1
2
3
4
5
6
7
8
9
10
…
»
»»

Question 6

Which of the following would a security manager establish to determine the target for restoration of normal processing?

A.Recover time objective (RTO)
B.Maximum tolerable outage (MTO)
C.Recovery point objectives (RPOs)
D.Services delivery objectives (SDOs)

Correct Answer: A

Section: INFORMATION RISK MANAGEMENT
Explanation:
Recovery time objective (RTO) is the length of time from the moment of an interruption until the time the process must be functioning at a service level sufficient to limit financial and operational impacts to an acceptable level. Maximum tolerable outage (MTO) is the maximum time for which an organization can operate in a reduced mode. Recovery point objectives (RPOs) relate to the age of the data required for recovery. Services delivery objectives (SDOs) are the levels of service required in reduced mode.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 7

Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked system vulnerabilities?

A.Vulnerability scans
B.Penetration tests
C.Code reviews
D.Security audits

Correct Answer: B

Explanation
A penetration test is normally the only security assessment that can link vulnerabilities together by exploiting them sequentially. This gives a good measurement and prioritization of risks. Other security assessments such as vulnerability scans, code reviews and security audits can help give an extensive and thorough risk and vulnerability overview', but will not be able to test or demonstrate the final consequence of having several vulnerabilities linked together. Penetration testing can give risk a new perspective and prioritize based on the end result of a sequence of security problems.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 8

An information security program should be sponsored by:

A.infrastructure management.
B.the corporate audit department.
C.key business process owners.
D.information security management.

Correct Answer: C

Explanation
The information security program should ideally be sponsored by business managers, as represented by key business process owners. Infrastructure management is not sufficiently independent and lacks the necessary knowledge regarding specific business requirements. A corporate audit department is not in as good a position to fully understand how an information security program needs to meet the needs of the business. Audit independence and objectivity will be lost, impeding traditional audit functions. Information security implements and executes the program. Although it should promote it at all levels, it cannot sponsor the effort due to insufficient operational knowledge and lack of proper authority.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 9

The MOST effective use of a risk register is to:

A.identify risks and assign roles and responsibilities for mitigation.
B.identify threats and probabilities.
C.facilitate a thorough review of all IT-related risks on a periodic basis.
D.record the annualized financial amount of expected losses due to risks.

Correct Answer: C

Section: INFORMATION RISK MANAGEMENT
Explanation:
A risk register is more than a simple list - it should lie used as a tool to ensure comprehensive documentation, periodic review and formal update of all risk elements in the enterprise's IT and related organization. Identifying risks and assigning roles and responsibilities for mitigation are elements of the register. Identifying threats and probabilities are two elements that are defined in the risk matrix, as differentiated from the broader scope of content in, and purpose for, the risk register. While the annualized loss expectancy (ALE) should be included in the register, this quantification is only a single element in the overall risk analysis program.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 10

Which of the following BEST describes a buffer overflow?

A.A program contains a hidden and unintended function that presents a security risk.
B.A type of covert channel that captures data.
C.Malicious code designed to interfere with normal operations.
D.A function is carried out with more data than the function can handle.

Correct Answer: D

Section: INFORMATION RISK MANAGEMENT

Comment: *

Name: *

Email: *

Verification: *

insert code

«
1
2
3
4
5
6
7
8
9
10
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2022-02-28.q183 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter