Free Access to ISACA.CISM.v2023-01-28.q301 with Valid Practice Test (Page 50)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2023-01-28.q301 Dumps

««
«
…
45
46
47
48
49
50
51
52
53
54
…
»
»»

Question 241

A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?

A.Add mitigating controls.
B.Take the server off-line and install the patch.
C.Check the server's security and install the patch.
D.Conduct an impact analysis.

Correct Answer: D

Section: INFORMATION SECURITY PROGRAM MANAGEMENT

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 242

Logging is an example of which type of defense against systems compromise?

A.Containment
B.Detection
C.Reaction
D.Recovery

Correct Answer: B

Explanation/Reference:
Explanation:
Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses.
Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 243

The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information security program is to:

A.ensure the confidentiality of sensitive material.
B.provide a high assurance of identity.
C.allow deployment of the active directory.
D.implement secure sockets layer (SSL) encryption.

Correct Answer: B

The primary purpose of a public key infrastructure (PKI) is to provide strong authentication. Confidentiality is a function of the session keys distributed by the PKI. An active directory can use PKI for authentication as well as using other means. Even though secure sockets layer (SSL) encryption requires keys to authenticate, it is not the main reason for deploying PKI.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 244

Risk management programs are designed to reduce risk to:

A.a level that is too small to be measurable.
B.the point at which the benefit exceeds the expense.
C.a level that the organization is willing to accept.
D.a rate of return that equals the current cost of capital.

Correct Answer: C

Section: INFORMATION RISK MANAGEMENT
Explanation:
Risk should be reduced to a level that an organization is willing to accept. Reducing risk to a level too small to measure is impractical and is often cost-prohibitive. To tie risk to a specific rate of return ignores the qualitative aspects of risk that must also be considered. Depending on the risk preference of an organization, it may or may not choose to pursue risk mitigation to the point at which the benefit equals or exceeds the expense. Therefore, choice C is a more precise answer.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 245

Which of the following results from the risk assessment process would BEST assist risk management decision making?

A.Control risk
B.Inherent risk
C.Risk exposure
D.Residual risk

Correct Answer: D

Section: INFORMATION RISK MANAGEMENT
Explanation:
Residual risk provides management with sufficient information to decide to the level of risk that an organization is willing to accept. Control risk is the risk that a control may not succeed in preventing an undesirable event.
Risk exposure is the likelihood of an undesirable event occurring. Inherent risk is an important factor to be considered during the risk assessment.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
45
46
47
48
49
50
51
52
53
54
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2023-01-28.q301 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter