Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 41)

Question 196

The PRIMARY purpose of implementing information security governance metrics is to:

A.measure alignment with best practices.

B.guide security towards the desired state.

C.refine control operations.

D.asses operational and program metrics

Question 197

An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?

A.Inadequate buy-in from system owners to support the policies

B.Lack of an information security governance framework

C.Lack of training for end users on security policies

D.Availability of security policy documents on a public website

Question 198

Which of the following is a potential indicator of inappropriate Internet use by staff?

A.Increased help desk calls for password resets

B.Increased number of weakness from vulnerability scans

C.Increased reports of slow system performance

D.Reduced number of pings on firewalls

Question 199

Which of the following risks would BEST be assessed using qualitative risk assessment techniques?

A.Theft of purchased software

B.Power outage lasting 24 hours

C.Permanent decline in customer confidence

D.Temporary loss of e-mail due to a virus attack

Question 200

Which of the following presents the GREATEST concern to the information security manager when using account locking features on an online application? It can increase vulnerability..

A.social engineering.

B.phishing.

C.denial of service.

D.brute force attacks.

Other Version: 1087ISACA.CISM.v2025-02-21.q785; 650ISACA.CISM.v2024-12-21.q371; 12787ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 103Oracle.1z0-1196-25.v2025-09-12.q18; 102NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 253CFAInstitute.ESG-Investing.v2025-09-08.q173; 238PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 196

Question 197

Question 198

Question 199

Question 200

Download PDF File