Free Access to ISACA.CISM.v2025-07-07.q684 with Valid Practice Test (Page 33)

Question 156

Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?

A.Company A's security architecture
B.The organizational structure of Company B
C.The cost to align to Company A's security policies
D.Company B's security policies

Question 157

Which of the following is the MOST practical control that an organization can implement to prevent unauthorized downloading of data to universal serial bus (USB) storage devices?

A.Disciplinary action
B.Two-factor authentication
C.Restrict drive usage
D.Strong encryption

Question 158

Which of the following are the essential ingredients of a business impact analysis (B1A)?

A.Downtime tolerance, resources and criticality
B.Cost of business outages in a year as a factor of the security budget
C.Business continuity testing methodology being deployed
D.Structure of the crisis management team

Question 159

A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is

A.the risk assessment has not defined the likelihood of occurrence
B.the reported vulnerability has not been validated
C.executive management is not aware of the impact potential
D.the cost of implementing controls exceeds the potential financial losses.

Question 160

Which of the following BEST supports effective communication during information security incidents7

A.Frequent incident response training sessions
B.Centralized control monitoring capabilities
C.Responsibilities defined within role descriptions
D.Predetermined service level agreements (SLAs)

Question 156

Question 157

Question 158

Question 159

Question 160

Download PDF File