Free Access to ISACA.CISM.v2023-03-13.q122 with Valid Practice Test (Page 14)

Question 61

Which of the following is the MOST effective way to prevent information security incidents?

A.Implementing a security information and event management (SIEM) tool
B.Implementing a security awareness training program for employees
C.Deploying a consistent incident response approach
D.Deploying intrusion detection tools in the network environment

Question 62

Which of the following is the FIRST step to establishing an effective information security program?

A.Create a business case.
B.Conduct a compliance review.
C.Assign accountability.
D.Perform a business impact analysis (BIA).

Question 63

A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

A.Instruct the vendor to conduct penetration testing.
B.Suspend the connection to the application in the firewall
C.Report the situation to the business owner of the application.
D.Initiate the organization's incident response process.

Question 64

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

A.Incorporate policy statements derived from third-party standards and benchmarks.
B.Adhere to a unique corporate privacy and security standard
C.Establish baseline standards for all locations and add supplemental standards as required
D.Require that all locations comply with a generally accepted set of industry

Question 65

Which of the following is the BEST indication of an effective information security awareness training program?

A.An increase in positive user feedback
B.An increase in the frequency of phishing tests
C.An increase in the speed of incident resolution
D.An increase in the identification rate during phishing simulations

Question 61

Question 62

Question 63

Question 64

Question 65

Download PDF File