Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 61)

Question 296

What is the BEST way to ensure that contract programmers comply with organizational security policies?

A.Explicitly refer to contractors in the security standards

B.Have the contractors acknowledge in writing the security policies

C.Create penalties for noncompliance in the contracting agreement

D.Perform periodic security reviews of the contractors

Question 297

An information security manager has been alerted to a possible incident involving a breach at one of the organization's vendors. Which of the following should be done FIRST?

A.Perform incident recovery.

B.Discontinue the relationship with the vendor.

C.Engage the incident response team.

D.Perform incident eradication.

Question 298

Which of the following activities should take place FIRST when a security patch for Internet software is received from a vendor?

A.The patch should be evaluated in a testing environment.

B.The patch should be deployed quickly to systems that are vulnerable.

C.The patch should be validated a hash algorithm.

D.The patch should be applied to critical systems.

Question 299

An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?

A.Executive management

B.The business owner

C.System administrator

D.Key customers

Question 300

To achieve effective strategic alignment of security initiatives, it is important that:

A.Steering committee leadership be selected by rotation.

B.Inputs be obtained and consensus achieved between the major organizational units.

C.The business strategy be updated periodically.

D.Procedures and standards be approved by all departmental heads.

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12811ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 151OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 186TheSecOpsGroup.CNSP.v2025-09-08.q20; 282CFAInstitute.ESG-Investing.v2025-09-08.q173; 264PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 296

Question 297

Question 298

Question 299

Question 300

Download PDF File