Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 62)

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

A.information security manager

B.escalation procedures

C.disaster recovery plan

D.chain of custody

A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

A.it simulates the real-1ife situation of an external security attack.

B.human intervention is not required for this type of test.

C.less time is spent on reconnaissance and information gathering.

D.critical infrastructure information is not revealed to the tester.

Which of the following is MOST important when carrying out a forensic examination of a laptop to determine an employee s involvement in a fraud?

A.The investigation should be conducted on an image of the original disk drive.

B.An HR representative should be present during the laptop examination.

C.The employee's network access should be suspended.

D.The laptop should not be removed from (he company premises.

Which of the following is the MOST usable deliverable of an information security risk analysis?

A.Business impact analysis (BIA) report

B.List of action items to mitigate risk

C.Assignment of risks to process owners

D.Quantification of organizational risk

Which of the following situations would MOST inhibit the effective implementation of security governance?

A.The complexity of technology

B.Budgetary constraints

C.Conflicting business priorities

D.High-level sponsorship

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12811ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 151OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 186TheSecOpsGroup.CNSP.v2025-09-08.q20; 282CFAInstitute.ESG-Investing.v2025-09-08.q173; 264PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Download PDF File