Free Access to ISACA.CISM.v2025-07-07.q684 with Valid Practice Test (Page 32)

Question 151

The BEST strategy for risk management is to:

A.achieve a balance between risk and organizational goals.
B.reduce risk to an acceptable level.
C.ensure that policy development properly considers organizational risks.
D.ensure that all unmitigated risks are accepted by management.

Question 152

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ.
Which of the following should be evaluated FIRST?

A.Cross-border data mobility
B.Training requirements of the framework
C.Local regulatory requirements
D.Global framework standards

Question 153

An information security manager believes that information has been classified inappropriately, = the risk of a breach. Which of the following is the information security manager's BEST action?

A.Complete a risk assessment and refer the results to the data owners.
B.Refer the issue to internal audit for a recommendation.
C.Re-classify the data and increase the security level to meet business risk.
D.Instruct the relevant system owners to reclassify the data.

Question 154

Which of the following will MOST likely reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual needing to have his, her password reset?

A.Performing reviews of password resets
B.Conducting security awareness programs
C.Increasing the frequency of password changes
D.Implementing automatic password syntax checking

Question 155

An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is to:

A.validate and sanitize client side inputs.
B.harden the database listener component.
C.normalize the database schema to the third normal form.
D.ensure that the security patches are updated on operating systems.

Question 151

Question 152

Question 153

Question 154

Question 155

Download PDF File