Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 24)

Question 111

An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements. Which of the following should be the information security manager's FIRST course of action?

A.Isolate the non-compliant system from the rest of the network

B.Request risk acceptance from senior management

C.Conduct an impact analysis to quantify the associated risk

D.Submit the issue to the steering committee for escalation

Question 112

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?

A.Reducing organizational security risk

B.Improving the protection of information

C.Minimizing the cost of security controls

D.Achieving organizational objectives

Question 113

The business continuity policy should contain which of the following?

A.Emergency call trees

B.Recovery criteria

C.Business impact assessment (BIA)

D.Critical backups inventory

Question 114

As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:

A.considered at the discretion of the information owner.

B.approved by the next higher person in the organizational structure.

C.formally managed within the information security framework.

D.reviewed and approved by the security manager.

Question 115

Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?

A.Configuration of firewalls

B.Strength of encryption algorithms

C.Authentication within application

D.Safeguards over keys

Other Version: 1042ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 12740ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 173PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 147Adobe.AD0-E605.v2025-09-05.q50

Question 111

Question 112

Question 113

Question 114

Question 115

Download PDF File