Free Access to ISACA.CISM.v2023-01-28.q301 with Valid Practice Test (Page 58)

Question 281

An intranet server should generally be placed on the:

A.internal network.
B.firewall server.
C.external router.
D.primary domain controller.

Question 282

The GREATEST benefit of using a maturity model when providing security reports to management is that it presents the:

A.security program priorities to achieve an accepted risk level
B.level of compliance with internal policy
C.assessed level of security risk at a particular point in time
D.current and target security state for the business

Question 283

An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:

A.perform a comprehensive assessment of the organization's exposure to the hacker's techniques.
B.initiate awareness training to counter social engineering.
C.immediately advise senior management of the elevated risk.
D.increase monitoring activities to provide early detection of intrusion.

Question 284

Which of the following would be a MAJOR consideration for an organization defining its business continuity plan (BCP) or disaster recovery program (DRP)?

A.Setting up a backup site
B.Maintaining redundant systems
C.Aligning with recovery time objectives (RTOs)
D.Data backup frequency

Question 285

An organization is considering moving one of its critical business applications to a cloud hosting service.
The cloud provider may not provide the same level of security for this application as the organization. Which of the following will provide the BEST information to help maintain the security posture?

A.Risk assessment
B.Cloud security strategy
C.Vulnerability assessment
D.Risk governance framework

Question 281

Question 282

Question 283

Question 284

Question 285

Download PDF File