Free Access to ISACA.CISM.v2025-07-07.q684 with Valid Practice Test (Page 10)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2025-07-07.q684 Dumps

««
«
…
5
6
7
8
9
10
11
12
13
14
…
»
»»

Question 41

The MOST appropriate time to conduct a disaster recovery test would be after:

A.major business processes have been redesigned.
B.the business continuity plan (BCP) has been updated.
C.the security risk profile has been reviewed
D.noncompliance incidents have been filed.

Correct Answer: B

The most appropriate time to conduct a disaster recovery test would be after the business continuity plan (BCP) has been updated, as it ensures that the disaster recovery plan (DRP) is aligned with the current business requirements, objectives, and priorities. The BCP should be updated regularly to reflect any changes in the business environment, such as new threats, risks, processes, technologies, or regulations. The disaster recovery test should validate the effectiveness and efficiency of the DRP, as well as identify any gaps, issues, or improvement opportunities123. References =
* 1: CISM Review Manual 15th Edition, page 2114
* 2: CISM Practice Quiz, question 1042
* 3: Business Continuity Planning and Disaster Recovery Testing, section "Testing the Plan"

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 42

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense9

A.A validation of the current firewall rule set
B.A port scan of the firewall from an internal source
C.A ping test from an external source
D.A simulated denial of service (DoS) attack against the firewall

Correct Answer: A

A validation of the current firewall rule set is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense because it verifies that the firewall rules are consistent, accurate, and effective in allowing or blocking traffic according to the security policies and standards of the organization. A port scan of the firewall from an internal source is not a good method because it does not test the firewall's behavior from an external perspective, which is more relevant for perimeter defense. A ping test from an external source is not a good method because it only tests the firewall's availability and responsiveness, not its security or functionality. A simulated denial of service (DoS) attack against the firewall is not a good method because it only tests the firewall's resilience and performance under high traffic load, not its security or functionality. Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/technical-security-standards-for-information-systems https://www.isaca.org/resources/isaca-journal/issues/2017/volume-2/the-value-of-penetration-testing https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/security-scanning-versus-penetration-testing

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 43

Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?

A.Encrypting first by receiver's private key and second by sender's public key
B.Encrypting first by sender's private key and second by receiver's public key
C.Encrypting first by sender's private key and second decrypting by sender's public key
D.Encrypting first by sender's public key and second by receiver's private key

Correct Answer: B

Encrypting by the sender's private key ensures authentication. By being able to decrypt with the sender's public key, the receiver would know that the message is sent by the sender only and the sender cannot deny/repudiate the message. By encrypting with the sender's public key secondly, only the sender will be able to decrypt the message and confidentiality is assured. The receiver's private key is private to the receiver and the sender cannot have it for encryption. Similarly, the receiver will not have the private key of the sender to decrypt the second-level encryption. In the case of encrypting first by the sender's private key and. second, decrypting by the sender's public key, confidentiality is not ensured since the message can be decrypted by anyone using the sender's public key. The receiver's private key would not be available to the sender for second-level encryption. Similarly, the sender's private key would not be available to the receiver for decrypting the message.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 44

The "separation of duties" principle is violated if which of the following individuals has update rights to the database access control list (ACL)?

A.Data owner
B.Data custodian
C.Systems programmer
D.Security administrator

Correct Answer: C

Explanation
A systems programmer should not have privileges to modify the access control list (ACL) because this would give the programmer unlimited control over the system. The data owner would request and approve updates to the ACL, but it is not a violation of the separation of duties principle if the data owner has update rights to the ACL. The data custodian and the security administrator could carry out the updates on the ACL since it is part of their duties as delegated to them by the data owner.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 45

Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:

A.mandatory access controls.
B.discretionary access controls.
C.lattice-based access controls.
D.role-based access controls.

Correct Answer: D

Role-based access controls will grant temporary employee access based on the job function to be performed. This provides a better means of ensuring that the access is not more or less than what is required. Discretionary, mandatory and lattice-based access controls are all security models, hut they do not address the issue of temporary employees as well as role-based access controls.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
5
6
7
8
9
10
11
12
13
14
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2025-07-07.q684 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter