Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 161)

For proper escalation of events, it is MOST important for the information security manager to ensure:

A.incident documentation templates are created.

B.the incident team is adequately staffed.

C.incident severity levels are defined.

D.the incident response plan is approved.

The PRIMARY objective of periodically testing an incident response plan should be to:

A.improve employee awareness of the incident response process,

B.highlight the importance of incident response and recovery.

C.improve internal processes and procedures,

D.harden the technical infrastructure.

When implementing security controls, an information security manager must PRIMARILY focus on:

A.minimizing operational impacts.

B.eliminating all vulnerabilities.

C.usage by similar organizations.

D.certification from a third party.

The MOST important objective of security awareness training for business staff is to:

A.modify behavior

B.increase compliance.

C.understand intrusion methods

D.reduce negative audit findings

Risk assessment is MOST effective when performed:

A.at the beginning of security program development.

B.on a continuous basis.

C.while developing the business case for the security program.

D.during the business change process.

Other Version: 1044ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 12747ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 226CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Download PDF File