Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 7)

Question 26

Which of the following is the PRIMARY purpose of data classification?

A.To provide a basis for protecting data

B.To determine access rights to data

C.To ensure integrity of data

D.To select encryption technology

Question 27

System logs and audit logs for sensitive systems should be stored

A.In an encrypted folder on each server.

B.on a shared Internal server

C.on a dedicated encrypted storage server,

D.on a cold site server.

Question 28

Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following is the manager s BEST course of action?

A.Re-assess the outstanding risk of the acquired company.

B.Add the outstanding risk to the acquiring organization's risk registry

C.Perform a vulnerability assessment of the acquired company s infrastructure.

D.Re-evaluate the risk treatment plan for the outstanding risk.

Question 29

The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager

A.report risks in other departments.

B.obtain support from other departments.

C.report significant security risks.

D.have knowledge of security standards.

Question 30

The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:

A.uses multiple redirects for completing a data commit transaction.

B.has implemented cookies as the sole authentication mechanism.

C.has been installed with a non-legitimate license key.

D.is hosted on a server along with other applications.

Other Version: 1009ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 12706ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 220CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 26

Question 27

Question 28

Question 29

Question 30

Download PDF File