Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 35)

Question 166

Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)?

A.Client logins are subject to replay attack.

B.Compromised VPN clients could impact the network.

C.Attackers could compromise the VPN gateway.

D.VPN traffic could be sniffed and captured.

Question 167

Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?

A.Historical cost of the asset

B.Acceptable level of potential business impacts

C.Cost versus benefit of additional mitigating controls

D.Annualized loss expectancy (ALE)

Question 168

An organization's information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?

A.Include tips to identify threats in awareness training.

B.Create a new security policy that staff must read and sign.

C.Conduct a business impact analysis (BIA) of the threat.

D.Update data loss prevention (DLP) rules for email.

Question 169

Which of the following represents a PRIMARY area of interest when conducting a penetration test?

A.Data mining

B.Network mapping

C.Intrusion Detection System (IDS)

D.Customer data

Question 170

The MOST likely cause of a security information event monitoring (SIEM) solution failing to identify a serious incident is that the system:

A.has performance issues.

B.is not collecting logs from relevant devices.

C.is hosted by a cloud service provider.

D.has not been updated with the latest patches.

Other Version: 1073ISACA.CISM.v2025-02-21.q785; 630ISACA.CISM.v2024-12-21.q371; 12773ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 166

Question 167

Question 168

Question 169

Question 170

Download PDF File