Free Access to ISACA.CISM.v2025-07-07.q684 with Valid Practice Test (Page 59)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2025-07-07.q684 Dumps

««
«
…
54
55
56
57
58
59
60
61
62
63
…
»
»»

Question 286

Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?

A.Average return on investment (ROI) associated with security initiatives
B.Average number of security incidents across business units
C.Mean time to resolution (MTTR) for enterprise-wide security incidents
D.Number of vulnerabilities identified for high-risk information assets

Correct Answer: A

Average return on investment (ROI) associated with security initiatives is the best metric to provide evidence of alignment of information security governance with corporate governance because it demonstrates the value and benefits of security investments to the organization's strategic goals and objectives. Average number of security incidents across business units is not a good metric because it does not measure the effectiveness or efficiency of security initiatives or their alignment with corporate governance. Mean time to resolution (MTTR) for enterprise-wide security incidents is not a good metric because it does not measure the impact or outcome of security initiatives or their alignment with corporate governance. Number of vulnerabilities identified for high-risk information assets is not a good metric because it does not measure the performance or improvement of security initiatives or their alignment with corporate governance. References: https://www.
isaca.org/resources/isaca-journal/issues/2015/volume-6/measuring-the-value-of-information-security- investments https://www.isaca.org/resources/isaca-journal/issues/2015/volume-1/how-to-measure-the- effectiveness-of-information-security-governance

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 287

Network isolation techniques are immediately implemented after a security breach to:

A.preserve evidence as required for forensics
B.reduce the extent of further damage.
C.allow time for key stakeholder decision making.
D.enforce zero trust architecture principles.

Correct Answer: B

Network isolation techniques are immediately implemented after a security breach to reduce the extent of further damage by limiting the access and communication of the compromised systems or networks with the rest of the environment. This can help prevent the spread of malware, the exfiltration of data, or the escalation of privileges by the attackers. Network isolation techniques can include disconnecting the affected systems or networks from the internet, blocking or filtering certain ports or protocols, or creating separate VLANs or subnets for the isolated systems or networks. Network isolation techniques are part of the incident response process and should be performed as soon as possible after detecting a security breach. Reference = CISM Review Manual 15th Edition, page 308-3091; CISM Review Questions, Answers & Explanations Database - 12 Month Subscription, Question ID: 1162

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 288

Which of the following is the BEST justification to convince management to invest in an information security program?

A.Cost reduction
B.Compliance with company policies
C.Protection of business assets
D.Increased business value

Correct Answer: D

Explanation
Investing in an information security program should increase business value and confidence. Cost reduction by itself is rarely the motivator for implementing an information security program. Compliance is secondary to business value. Increasing business value may include protection of business assets.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 289

Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?

A.Conduct a business impact analysis (BIA)
B.Identify the response and recovery learns.
C.Review the communications plan.
D.Develop response and recovery strategies.

Correct Answer: A

Conducting a business impact analysis (BIA) is the first step when creating an organization's disaster recovery plan (DRP) because it helps to identify and prioritize the critical business functions or processes that need to be restored after a disruption, and determine their recovery time objectives (RTOs) and recovery point objectives (RPOs)2. Identifying the response and recovery teams is not the first step, but rather a subsequent step that involves assigning roles and responsibilities for executing the DRP. Reviewing the communications plan is not the first step, but rather a subsequent step that involves defining the communication channels and protocols for notifying and updating the stakeholders during and after a disruption. Developing response and recovery strategies is not the first step, but rather a subsequent step that involves selecting and implementing the appropriate solutions and procedures for restoring the critical business functions or processes. Reference: 2 https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/business-impact-analysis-bia-and-disaster-recovery-planning-drp

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 290

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

A.Corporate culture
B.Clarity of security roles and responsibilities
C.Corporate risk framework
D.Maturity of the security policy

Correct Answer: A

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
54
55
56
57
58
59
60
61
62
63
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2025-07-07.q684 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter