Exam Details

  • Exam Code: CISM
  • Exam Name: Certified Information Security Manager
  • Certification: CISM
  • Vendor: Isaca
  • Total Questions: 2764 Q&As
  • Last Updated: Apr 29, 2024

Isaca CISM CISM Questions & Answers

  • Question 1:

    Risk scenarios simplify the risk assessment process by:

    A. covering the full range of possible risk.

    B. ensuring business risk is mitigated.

    C. reducing the need for subsequent risk evaluation.

    D. focusing on important and relevant risk.

  • Question 2:

    Which of the following is the MOST important consideration when developing information security objectives?

    A. They are regularly reassessed and reported to stakeholders

    B. They are approved by the IT governance function

    C. They are clear and can be understood by stakeholders

    D. They are identified using global security frameworks and standards

  • Question 3:

    Which of the following BEST enables effective information security governance?

    A. Security-aware corporate culture

    B. Advanced security technologies

    C. Periodic vulnerability assessments

    D. Established information security metrics

  • Question 4:

    What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

    A. Calculate the total cost of ownership (TCO).

    B. Define the issues to be addressed.

    C. Perform a cost-benefit analysis.

    D. Conduct a feasibility study.

  • Question 5:

    Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

    A. Decision on the classification of cloud-hosted data

    B. Expertise of personnel providing incident response

    C. Implementation of a SIEM in the organization

    D. An agreement on the definition of a security incident

  • Question 6:

    Which of the following is the BEST way for an organization to determine the maturity level of its information security program?

    A. Review the results of information security awareness testing.

    B. Validate the effectiveness of implemented security controls.

    C. Benchmark the information security policy against industry standards.

    D. Track the trending of information security incidents.

  • Question 7:

    An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

    A. Increase the frequency of log monitoring and analysis.

    B. Implement a security information and event management system (SIEM).

    C. Increase the sensitivity of intrusion detection systems (IDSs).

    D. Implement multi-factor authentication.

  • Question 8:

    Which of the following is a PRIMARY function of an incident response team?

    A. To provide a business impact assessment

    B. To provide effective incident mitigation

    C. To provide a single point of contact for critical incidents

    D. To provide a risk assessment for zero-day vulnerabilities

  • Question 9:

    In a multinational organization, local security regulations should be implemented over global security policy because:

    A. business objectives are defined by local business unit managers.

    B. deploying awareness of local regulations is more practical than of global policy.

    C. global security policies include unnecessary controls for local businesses.

    D. requirements of local regulations take precedence.

  • Question 10:

    An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?

    A. Controls to be monitored

    B. Reporting capabilities

    C. The contract with the SIEM vendor

    D. Available technical support

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CISM exam preparation and Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions.