Free Access to ISACA.CISM.v2025-07-07.q684 with Valid Practice Test (Page 81)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2025-07-07.q684 Dumps

««
«
…
76
77
78
79
80
81
82
83
84
85
…
»
»»

Question 396

An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?

A.Benchmark the processes with best practice to identify gaps.
B.Calculate the return on investment (ROI).
C.Provide security awareness training to HR.
D.Assess the business objectives of the processes.

Correct Answer: D

Explanation
The first step when integrating information security into HR management processes is to assess the business objectives of the processes, which means understanding the purpose, scope, and expected outcomes of the HR functions and activities, and how they relate to the organization's strategy and goals. The assessment will help to identify the information security requirements, risks, and controls that are relevant and applicable to the HR processes, and to align the information security objectives with the business objectives.
References = CISM Review Manual 15th Edition, CISM: Overview of domains [updated 2022]

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 397

The MOST important success factor to design an effective IT security awareness program is to:

A.customize the content to the target audience.
B.ensure senior management is represented.
C.ensure that all the staff is trained.
D.avoid technical content but give concrete examples.

Correct Answer: A

Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
Awareness training can only be effective if it is customized to the expectations and needs of attendees. Needs will be quite different depending on the target audience and will vary between business managers, end users and IT staff; program content and the level of detail communicated will therefore be different. Other criteria are also important; however, the customization of content is the most important factor.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 398

Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system?

A.User ad hoc reporting is not logged
B.Network traffic is through a single switch
C.Operating system (OS) security patches have not been applied
D.Database security defaults to ERP settings

Correct Answer: C

Explanation
The fact that operating system (OS) security patches have not been applied is a serious weakness. Routing network traffic through a single switch is not unusual. Although the lack of logging for user ad hoc reporting is not necessarily good, it does not represent as serious a security-weakness as the failure to install security patches. Database security defaulting to the ERP system's settings is not as significant.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 399

Which of the following is the BEST way to protect against unauthorized access to an encrypted file sent via email?

A.Using a digital signature in the email
B.Utilizing a separate distribution channel for the password
C.Validating the recipient's identity
D.Ensuring a policy exists for encrypting files in transit

Correct Answer: B

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 400

Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?

A.Perform a patch update.
B.Conduct a risk assessment.
C.Perform a penetration test.
D.Conduct an impact assessment.

Correct Answer: B

According to the CISM Review Manual, the first step an information security manager should take when a vulnerability has been disclosed is to conduct a risk assessment to determine the likelihood and impact of the vulnerability being exploited, and the appropriate response strategy. Performing a patch update, a penetration test or an impact assessment are possible subsequent steps, but not the first one.
Reference = CISM Review Manual, 27th Edition, Chapter 3, Section 3.3.2, page 1331.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
76
77
78
79
80
81
82
83
84
85
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2025-07-07.q684 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter