Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 170)

Question 841

Information security managers should use risk assessment techniques to:

A.justify selection of risk mitigation strategies.

B.maximize the return on investment (ROD.

C.provide documentation for auditors and regulators.

D.quantify risks that would otherwise be subjective.

Question 842

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?

A.Results from a gap analysis

B.Results from a business impact analysis

C.Deadlines and penalties for noncompliance

D.An inventory of security controls currently in place

Question 843

When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:

A.provide unrestricted communication channels to executive leadership to ensure direct access.

B.recommend the same communication path for events to ensure consistency of communication.

C.specify step-by-step escalation paths to ensure an appropriate chain of command.

D.require events to be escalated whenever possible to ensure that management is kept informed.

Question 844

The MOST important objective of a post incident review is to:

A.capture lessons learned to improve the process.

B.develop a process for continuous improvement.

C.develop a business case for the security program budget.

D.identify new incident management tools.

Question 845

Which of the following would be the FIRST step in establishing an information security program?

A.Develop the security policy.

B.Develop security operating procedures.

C.Develop the security plan.

D.Conduct a security controls study.

Other Version: 1012ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 12706ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 101OCEG.GRCP.v2025-09-11.q211; 101HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 841

Question 842

Question 843

Question 844

Question 845

Download PDF File