Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 34)

Question 161

Which of the following should an information security manager do when a recent internal audit reveals a security risk is more severe than previously assessed?

A.Review the remainder of the internal audit report.

B.Update the risk register and notify the CISC

C.Validate the finding is legitimate and not a false positive.

D.Escalate the finding to the business owner and obtain a remediation plan.

Question 162

Which of the following is the MOST important consideration when designing a disaster recovery test?

A.The test fully recovers the storage infrastructure

B.The test addresses critical business functions.

C.The test includes the recovery time objectives (RTOs).

D.The test assesses the adequacy of network redundancy.

Question 163

Which of the following is MOST important for an information security manager to regularly report to senior management?

A.Results of penetration tests

B.Threat analysis reports

C.Impact of untreated risks

D.Audit reports

Question 164

Which if the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?

A.Compliance risk assessment

B.Critical audit findings

C.Industry comparison analysis

D.Number of reported security incidents

Question 165

To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to.

A.create a separate account for the programmer as a power user.

B.log all of the programmers' activity for review by supervisor.

C.have the programmer sign a letter accepting full responsibility.

D.perform regular audits of the application.

Other Version: 1071ISACA.CISM.v2025-02-21.q785; 630ISACA.CISM.v2024-12-21.q371; 12771ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 161

Question 162

Question 163

Question 164

Question 165

Download PDF File