Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 105)

Question 516

In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:

A.develop an operational plan for achieving compliance with the legislation.

B.identify systems and processes that contain privacy components.

C.restrict the collection of personal information until compliant.

D.identify privacy legislation in other countries that may contain similar requirements.

Question 517

To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

A.end users.

B.legal counsel.

C.operational units.

D.audit management.

Question 518

The service level agreement (SLA) for an outsourced IT function does not reflect an adequate level of protection. In this situation an information security manager should:

A.ensure the provider is made liable for losses.

B.recommend not renewing the contract upon expiration.

C.recommend the immediate termination of the contract.

D.determine the current level of security.

Question 519

After assessing risk, the decision to treat the risk should be based PRIMARILY on:

A.whether the level of risk exceeds risk appetite.

B.the criticality of the risk.

C.whether the level of risk exceeds inherent risk.

D.availability of financial resources.

Question 520

A validated patch to address a new vulnerability that may affect a mission-critical server has been released.
What should be done immediately?

A.Add mitigating controls.

B.Take the server off-line and install the patch.

C.Check the server's security and install the patch.

D.Conduct an impact analysis.

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12811ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 151OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 186TheSecOpsGroup.CNSP.v2025-09-08.q20; 282CFAInstitute.ESG-Investing.v2025-09-08.q173; 264PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 516

Question 517

Question 518

Question 519

Question 520

Download PDF File