Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 117)

Question 576

Which of the following is MOST important for an information security manager to ensure when evaluating change requests?

A.Contingency plans have been created.

B.Requests are approved by process owners.

C.Requests add value to the business.

D.Residual risk is within risk tolerance.

Question 577

An IT department is having difficulty controlling the installation and use of unauthorized software that is in breach of organizational policy. Which of the following is the MOST effective solution?

A.Install a software monitoring tool on the network.

B.Restrict local desktop administration rights.

C.Conduct random workstation audits.

D.Train users on the acceptable use policies.

Question 578

Which of the following is MOST important for an information security manager to communicate to senior management regarding the security program?

A.User roles and responsibilities

B.Impact analysis results

C.Security architecture changes

D.Potential risks and exposures

Question 579

Investments in information security technologies should be based on:

A.vulnerability assessments.

B.value analysis.

C.business climate.

D.audit recommendations.

Question 580

The BEST way to ensure that an external service provider complies with organizational security policies is to:

A.Explicitly include the service provider in the security policies.

B.Receive acknowledgment in writing stating the provider has read all policies.

C.Cross-reference to policies in the service level agreement

D.Perform periodic reviews of the service provider.

Other Version: 1107ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12805ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 108Oracle.1z0-1196-25.v2025-09-12.q18; 109NetworkAppliance.NS0-162.v2025-09-12.q86; 149OCEG.GRCP.v2025-09-11.q211; 109HP.HPE0-V27.v2025-09-11.q78; 125Oracle.1Z0-1057-23.v2025-09-10.q47; 161Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 139SAP.C-S4EWM-2023.v2025-09-08.q83; 183TheSecOpsGroup.CNSP.v2025-09-08.q20; 267CFAInstitute.ESG-Investing.v2025-09-08.q173; 257PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 576

Question 577

Question 578

Question 579

Question 580

Download PDF File