Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 139)

Question 686

An information security manager is evaluating the key risk indicators (KRIs) for an organization's information security program. Which of the following would be the information security manager's GREATEST concern?

A.Undefined thresholds to trigger alerts

B.Multiple KRIs for a single control process

C.Use of qualitative measures

D.Lack of formal KRI approval from IT management

Question 687

A legacy application does not comply with new regulatory requirements to encrypt sensitive data at rest, and remediating this issue would require significant investment. What should the information security manager do FIRST?

A.Investigate alternative options to remediate the noncompliance.

B.Assess the business impact to the organization.

C.Present the noncompliance risk to senior management.

D.Determine the cost to remediate the noncompliance.

Question 688

Risk identification, analysis, and mitigation activities can BEST be integrated into business life cycle processes by linking them to:

A.change management

B.compliance testing

C.configuration management

D.continuity planning

Question 689

Which of the following is the BEST reason to reassess risk following an incident?

A.To capture lessons learned

B.To identify changes in the threat environment

C.To update roles and responsibilities

D.To accurately document risk to the organization

Question 690

Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?

A.Security controls offered by the provider are inadequate

B.There is no right to audit the security of the provider

C.Service level agreements (SLAs) art not well defined.

D.Data retention policies may be violated.

Other Version: 1032ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 15477ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 149Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 686

Question 687

Question 688

Question 689

Question 690

Download PDF File