Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 23)

Question 106

During the security review of organizational servers it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

A.copy sample files as evidence.

B.remove access privileges to the folder containing the data.

C.report this situation to the data owner.

D.train the HR team on properly controlling file permissions.

Question 107

An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?

A.Change the DLP system.

B.Request risk acceptance.

C.Perform a risk assessment.

D.Review alternative controls.

Question 108

Which is MOST important when contracting an external party to perform a penetration test?

A.Provide network documentation

B.Obtain approval from IT management

C.Define the project scope

D.Increase the frequency of log reviews

Question 109

Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?

A.A bit-level copy of all hard drive data

B.The last verified backup stored offsite

C.Data from volatile memory

D.Backup servers

Question 110

An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?

A.Perform regular audits on the implementation of critical patches.

B.Assess the patch management process

C.Evaluate patch management training.

D.Monitor and notify IT staff of critical patches

Other Version: 1042ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 12740ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 173PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 147Adobe.AD0-E605.v2025-09-05.q50

Question 106

Question 107

Question 108

Question 109

Question 110

Download PDF File