Instant Access ISACA.CISM.v2022-07-24.q824 Actual Practice Test Engine for Free (Page 32)

Welcome to DumpsDB

- Passing Exams, Dumps for Free

Request Exam Contact

Home
Popular Exams
- Oracle
- Fortinet
- Juniper
- Microsoft
- Cisco
- Citrix
- CompTIA
- VMware
- ISC
- SAP
- EMC
- PMI
- HP
- Salesforce
View All Exams
New Dumps
Upload

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2022-07-24.q824 Dumps

««
«
…
27
28
29
30
31
32
33
34
35
36
…
»
»»

Question 151

The PRIMARY reason for using information security metrics is to:

A.ensure alignment with corporate requirements.
B.adhere to legal and regulatory requirements
C.monitor the effectiveness of controls
D.achieve senior management commitment.

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 152

Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?

A.Countermeasure cost-benefit analysis
B.Penetration testing
C.Frequent risk assessment programs
D.Annual loss expectancy (ALE) calculation

Correct Answer: A

Explanation
In a countermeasure cost-benefit analysis, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure. Penetration testing may indicate the extent of a weakness but, by itself, will not establish the cost/benefit of a control. Frequent risk assessment programs will certainly establish what risk exists but will not determine the maximum cost of controls. Annual loss expectancy (ALE) is a measure which will contribute to the value of the risk but. alone, will not justify a control.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 153

A risk mitigation report would include recommendations for:

A.assessment.
B.acceptance.
C.evaluation.
D.quantification.

Correct Answer: B

Explanation
Acceptance of a risk is an alternative to be considered in the risk mitigation process. Assessment. evaluation and risk quantification are components of the risk analysis process that are completed prior to determining risk mitigation solutions.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 154

Of the following, retention of business records should be PRIMARILY based on:

A.periodic vulnerability assessment.
B.regulatory and legal requirements.
C.device storage capacity and longevity.
D.past litigation.

Correct Answer: B

Explanation/Reference:
Explanation:
Retention of business records is a business requirement that must consider regulatory and legal requirements based on geographic location and industry. Options A and C are important elements for making the decision, but the primary driver is the legal and regulatory requirements that need to be followed by all companies. Record retention may take into consideration past litigation, but it should not be the primary decision factor.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 155

The MOST important element in achieving executive commitment to an information security governance program is:

A.a defined security framework
B.identified business drivers
C.established security strategies
D.a process improvement model

Correct Answer: B

Section: INFORMATION SECURITY GOVERNANCE

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
27
28
29
30
31
32
33
34
35
36
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2022-07-24.q824 Dumps

Email:

We are the Largest and the most Updated website for all vendors Certification Exam materials around the world.

Using resources of we provide, we strive using dumps to strengthen the community of High level Certification professionals for free.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 DumpsDB

www.dumpsdb.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics