Free Access ISACA.CISM.v2022-03-24.q890 Practice Test (Page 72)

Question 351

Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?

A.Business impact analysis (BIA)

B.Penetration testing

C.Audit and review

D.Threat analysis

Question 352

Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?

A.SWOT analysis

B.Waterfall chart

C.Gap analysis

D.Balanced scorecard

Question 353

For an organization with a large and complex IT infrastructure, which of the following elements of a disaster recovery hot site service will require the closest monitoring?

A.Number of subscribers

B.Employee access

C.Audit tights

D.Systems configurations

Question 354

Which of the following would be MOST helpful when justifying the funding required for a compensating control?

A.Threat assessment

B.Business impact analysis

C.Business case

D.Risk analysis

Question 355

When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

A.Business management

B.Operations manager

C.Information security manager

D.System users

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 12811ISACA.CISM.v2022-06-26.q752; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 193OCEG.GRCP.v2025-09-11.q211; 111HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 141SAP.C-S4EWM-2023.v2025-09-08.q83; 205TheSecOpsGroup.CNSP.v2025-09-08.q20; 322CFAInstitute.ESG-Investing.v2025-09-08.q173; 281PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 351

Question 352

Question 353

Question 354

Question 355

Download PDF File