Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 32)

Question 151

During the security review of organizational servers, it was found that a file server containing confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the security manager should:

A.copy sample files as evidence.

B.remove access privileges to the folder containing the data.

C.report this situation to the data owner.

D.train the HR team on properly controlling file permissions.

Question 152

Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?

A.Risk tolerance levels

B.Maturity models

C.Key risk indicators (KRIs)

D.Key performance indicators (KPIs)

Question 153

Which of the following is MOST relevant for an information security manager to communicate to business units?

A.Threat assessments

B.Vulnerability assessments

C.Risk ownership

D.Business impact analysis (BIA)

Question 154

A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited.
What process should the information security manager deploy to determine the necessity for remedial action?

A.A penetration test

B.A security baseline review

C.A risk assessment

D.A business impact analysis (BIA)

Question 155

Which of the following is the BEST way to enhance training for incident response teams?

A.Participate in emergency response activities

B.Conduct interviews with organizational units

C.Perform post-incident reviews

D.Establish incident key performance indicators (KPIs).

Other Version: 1064ISACA.CISM.v2025-02-21.q785; 620ISACA.CISM.v2024-12-21.q371; 15508ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 105HP.HPE0-V27.v2025-09-11.q78; 120Oracle.1Z0-1057-23.v2025-09-10.q47; 156Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 237CFAInstitute.ESG-Investing.v2025-09-08.q173; 220PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 155Salesforce.Data-Architect.v2025-09-05.q216; 149Adobe.AD0-E605.v2025-09-05.q50

Question 151

Question 152

Question 153

Question 154

Question 155

Download PDF File