Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 106)

When aligning an organization's information security program with other risk and control activities, it is MOST important to:

A.develop an information security governance framework.

B.have information security management report to the chief risk officer.

C.ensure adequate financial resources are available.

D.integrate security within the system development life cycle.

The BEST way to ensure that an external service provider complies with organizational security policies is to:

A.Explicitly include the service provider in the security policies.

B.Receive acknowledgment in writing stating the provider has read all policies.

C.Cross-reference to policies in the service level agreement

D.Perform periodic reviews of the service provider.

Which of the following are the MOST important individuals to include as members of an information security steering committee?

A.Direct reports to the chief information officer

B.IT management and key business process owners

C.Cross-section of end users and IT professionals

D.Internal audit and corporate legal departments

Which of the following is the MOST important consideration when establishing an information security governance framework?

A.Security steering committee meetings are held at least monthly.

B.Business unit management acceptance is obtained.

C.Executive management support is obtained.

D.Members of the security steering committee are trained in information security.

Which of the following is a PRIMARY security responsibility of an information owner?

A.Testing information classification controls

B.Deciding what level of classification the information requires

C.Maintaining the integrity of data in the information system

D.Determining the controls associated with information classification

Other Version: 1087ISACA.CISM.v2025-02-21.q785; 650ISACA.CISM.v2024-12-21.q371; 15531ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 103Oracle.1z0-1196-25.v2025-09-12.q18; 102NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 253CFAInstitute.ESG-Investing.v2025-09-08.q173; 238PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Download PDF File