Download ISACA.CISM.VCEplus.2024-08-31.225q.tqb

File Info

Exam Certified Information Security Manager
Number CISM
File Name ISACA.CISM.VCEplus.2024-08-31.225q.tqb
Size 885 KB
Posted Aug 31, 2024
How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


Demo Questions

Question 1

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

  A. Integrate information security risk assessments into the procurement process.
  B. Provide regular information security training to the procurement team.
  C. Invite IT members into regular procurement team meetings to influence best practice.
  D. Enforce the right to audit in procurement contracts with SaaS vendors.
Correct answer: A


Question 2

Which of the following will result in the MOST accurate controls assessment?

  A. Mature change management processes
  B. Senior management support
  C. Well-defined security policies
  D. Unannounced testing
Correct answer: B


Question 3

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

  A. Determine whether the organization can benefit from adopting the new standard.
  B. Obtain legal counsel's opinion on the standard's applicability to regulations.
  C. Perform a risk assessment on the new technology.
  D. Review industry specialists' analyses of the new standard.
Correct answer: C


Question 4

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

  A. Data is encrypted in transit and at rest at the vendor site.
  B. Data is subject to regular access log review.
  C. The vendor must be able to amend data.
  D. The vendor must agree to the organization's information security policy.
Correct answer: D


Question 5

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

  A. Conduct an impact assessment.
  B. Isolate the affected systems.
  C. Rebuild the affected systems.
  D. Initiate incident response.
Correct answer: B


Question 6

In which cloud model does the cloud service buyer assume the MOST security responsibility?

  A. Disaster Recovery as a Service (DRaaS)
  B. Infrastructure as a Service (IaaS)
  C. Platform as a Service (PaaS)
  D. Software as a Service (SaaS)
Correct answer: B


Question 7

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:

  A. current international standard was used to assess security processes.
  B. certification will remain current through the life of the contract.
  C. certification scope is relevant to the service being offered.
  D. certification can be extended to cover the client's business.
Correct answer: C


Question 8

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

  A. Management's business goals and objectives
  B. Strategies of other non-regulated companies
  C. Risk assessment results
  D. Industry best practices and control recommendations
Correct answer: A


Question 9

When investigating an information security incident, details of the incident should be shared:

  A. widely to demonstrate positive intent.
  B. only with management.
  C. only as needed.
  D. only with internal audit.
Correct answer: C


Question 10

Which of the following should be the PRIMARY consideration when developing an incident response plan?

  A. The definition of an incident
  B. Compliance with regulations
  C. Management support
  D. Previously reported incidents
Correct answer: B