Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 63)

Question 306

A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?

A.Sign a legal agreement assigning them all liability for any breach

B.Remove all trading partner access until the situation improves

C.Set up firewall rules restricting network traffic from that location

D.Send periodic reminders advising them of their noncompliance

Question 307

An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?

A.Request that the third-party provider perform background checks on their employees.

B.Perform an internal risk assessment to determine needed controls.

C.Audit the third-party provider to evaluate their security controls.

D.Perform a security assessment to detect security vulnerabilities.

Question 308

The data access requirements for an application should be determined by the:

A.legal department.

B.compliance officer.

C.information security manager.

D.business owner.

Question 309

An information security manager wishing to establish security baselines would:

A.include appropriate measurements in the system development life cycle.

B.implement the security baselines to establish information security best practices.

C.implement the security baselines to fulfill laws and applicable regulations in different jurisdictions.

D.leverage information security as a competitive advantage.

Question 310

Which of the following should an information security manager consider when reviewing an existing security investment plan?

A.The plan has summarized IT costs for implementation.

B.The plan focuses on meeting industry best practices and industry standards.

C.The plan is based on a review of threats. and vulnerabilities in existing IT systems.

D.The plan identifies all potential threats and their impact on business processes

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12811ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 151OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 186TheSecOpsGroup.CNSP.v2025-09-08.q20; 282CFAInstitute.ESG-Investing.v2025-09-08.q173; 264PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 306

Question 307

Question 308

Question 309

Question 310

Download PDF File