Instant Access ISACA.CISM.v2022-01-28.q253 Actual Practice Test Engine for Free (Page 27)

Welcome to DumpsDB

- Passing Exams, Dumps for Free

Request Exam Contact

Home
Popular Exams
- Oracle
- Fortinet
- Juniper
- Microsoft
- Cisco
- Citrix
- CompTIA
- VMware
- ISC
- SAP
- EMC
- PMI
- HP
- Salesforce
View All Exams
New Dumps
Upload

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2022-01-28.q253 Dumps

««
«
…
22
23
24
25
26
27
28
29
30
31
…
»
»»

Question 126

Which of the following would present the GREATEST risk to information security?

A.Virus signature files updates are applied to all servers every day
B.Security access logs are reviewed within five business days
C.Critical patches are applied within 24 hours of their release
D.Security incidents are investigated within five business days

Correct Answer: D

Security incidents are configured to capture system events that are important from the security perspective; they include incidents also captured in the security access logs and other monitoring tools. Although, in some instances, they could wait for a few days before they are researched, from the options given this would have the greatest risk to security. Most often, they should be analyzed as soon as possible. Virus signatures should be updated as often as they become available by the vendor, while critical patches should be installed as soon as they are reviewed and tested, which could occur in 24 hours.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 127

The MOST basic requirement for an information security governance program is to:

A.be aligned with the corporate business strategy.
B.be based on a sound risk management approach.
C.provide adequate regulatory compliance.
D.provide best practices for security- initiatives.

Correct Answer: A

To receive senior management support, an information security program should be aligned with the corporate business strategy. Risk management is a requirement of an information security program which should take into consideration the business strategy. Security governance is much broader than just regulatory compliance. Best practice is an operational concern and does not have a direct impact on a governance program.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 128

Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?

A.Request a list of the software to be used
B.Provide clear directions to IT staff
C.Monitor intrusion detection system (IDS) and firewall logs closely
D.Establish clear rules of engagement

Correct Answer: D

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
It is critical to establish a clear understanding on what is permissible during the engagement. Otherwise, the tester may inadvertently trigger a system outage or inadvertently corrupt files. Not as important, but still useful, is to request a list of what software will be used. As for monitoring the intrusion detection system (IDS) and firewall, and providing directions to IT staff, it is better not to alert those responsible for monitoring (other than at the management level), so that the effectiveness of that monitoring can be accurately assessed.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 129

Which of the following is MOST important for an information security manager to verify before conducting full- functional continuity testing?

A.Risk acceptance by the business has been documented.
B.Incident response and recovery plans are documented in simple language.
C.Teams and individuals responsible for recovery have been identified.
D.Copies of recovery and incident response plans are kept offsite.

Correct Answer: C

Section: INFORMATION SECURITY PROGRAM MANAGEMENT

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 130

The MOST important reason for an information security manager to be involved in the change management process is to ensure that:

A.security controls are updated regularly.
B.potential vulnerabilities are identified.
C.risks have been evaluated.
D.security controls drive technology changes.

Correct Answer: D

Section: MIXED QUESTIONS

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
22
23
24
25
26
27
28
29
30
31
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2022-01-28.q253 Dumps

Email:

We are the Largest and the most Updated website for all vendors Certification Exam materials around the world.

Using resources of we provide, we strive using dumps to strengthen the community of High level Certification professionals for free.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 DumpsDB

www.dumpsdb.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics