Instant Access ISACA.CISM.v2022-07-24.q824 Actual Practice Test Engine for Free (Page 27)

Question 126

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

A.Updating configuration baselines to allow exceptions
B.Conducting periodic vulnerability scanning
C.Providing annual information security awareness training
D.Implementing a strict change control process

Question 127

A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

A.Run a port scan on the system
B.Disable the logon ID
C.Investigate the system logs
D.Validate the incident

Question 128

An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:

A.an audit of the service provider uncovers no significant weakness.
B.the contract includes a nondisclosure agreement (NDA) to protect the organization's intellectual property.
C.the contract should mandate that the service provider will comply with security policies.
D.the third-party service provider conducts regular penetration testing.

Question 129

Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:

A.map the major threats to business objectives.
B.review available sources of risk information.
C.identify the value of the critical assets.
D.determine the financial impact if threats materialize.

Question 130

Which of the following would be the FIRST step in establishing an information security program?

A.Develop the security policy.
B.Develop security operating procedures.
C.Develop the security plan.
D.Conduct a security controls study.

Question 126

Question 127

Question 128

Question 129

Question 130

Download PDF File