Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 29)

Question 136

Which of the following approaches is BEST for selecting controls to minimize information security risks?

A.Risk assessment

B.Cost-benefit analysis

C.Industry best practices

D.Control-effectiveness

Question 137

The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?

A.Ensure better identification of incidents in the incident response plan.

B.Discuss the definition of roles in the incident response plan.

C.Require management approval of the incident response plan.

D.Disseminate the incident response plan throughout the organization.

Question 138

Which of the following is the MOST important component of a risk profile?

A.Risk management framework

B.Data classification results

C.Penetration test results

D.Risk assessment methodology

Question 139

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FWST step?

A.Assess the business objectives of the processes

B.Evaluate the cost of information security integration

C.Identify information security risk associated with the processes

D.Benchmark the processes with best practice to identify gaps.

Question 140

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

A.Number of controls implemented

B.Percent of control objectives accomplished

C.Percent of compliance with the security policy

D.Reduction in the number of reported security incidents

Other Version: 1054ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 15499ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 119Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 229CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 136

Question 137

Question 138

Question 139

Question 140

Download PDF File