Instant Access ISACA.CISM.v2024-03-13.q421 Actual Practice Test Engine for Free (Page 44)

Question 211

After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

A.Information security officer
B.Chief information officer (CIO)
C.Business owner
D.Chief executive officer (CF.O)

Question 212

Which of the following is MOST important for effective communication during incident response?

A.Establishing a mean time to resolve (MTTR) metric
B.Maintaining an updated contact list
C.Establishing a recovery time objective (RTO)
D.Maintaining a relationship with media and law enforcement

Question 213

An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?

A.Restrict account access to read only
B.Log all usage of this account
C.Suspend the account and activate only when needed
D.Require that a change request be submitted for each download

Question 214

Which of the following is MOST likely to be included in an enterprise security policy?

A.Organizational risk
B.Retention schedules
C.System access specifications
D.Definitions of responsibilities

Question 215

A recent audit has identified that security controls by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?

A.Discuss the issue with the data owners to determine the reason for the exception
B.Discuss the issue with data custodians to determine the reason for the exception
C.Report the issue to senior management and request funding to fix the issue
D.Deny access to the application until the issue is resolved

Question 211

Question 212

Question 213

Question 214

Question 215

Download PDF File