Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 38)

Question 181

When the inherent risk of a business activity is lower than the acceptable risk level, the BEST course of action would be to:

A.monitor for business changes

B.review the residual risk level

C.report compliance to management

D.implement controls to mitigate the risk

Question 182

The MOST effective way to determine the resources required by internal Incident response teams is to

A.determine the scope and charter of incident response

B.test response capabilities with event scenarios.

C.request guidance (rom incident management consultants.

D.benchmark against other incident management programs

Question 183

An information security manager developing an incident response plan MUST ensure it includes:

A.an inventory of critical data

B.criteria for escalation

C.critical infrastructure diagrams

D.a business impact analysis

Question 184

An organization's information security manager has learned that similar organizations have become increasingly susceptible to spear phishing attacks. What is the BEST way to address this concern?

A.Include tips to identify threats in awareness training.

B.Create a new security policy that staff must read and sign.

C.Update data loss prevention (DLP) rules for email.

D.Conduct a business impact analysis (BIA) of the threat.

Question 185

What should be the PRIMARY basis for establishing a recovery time objective (RTO) for a critical business application?

A.Business impact analysis (BIA) results

B.Related business benchmarks

C.Risk assessment results

D.Legal and regulatory requirements

Other Version: 1068ISACA.CISM.v2025-02-21.q785; 630ISACA.CISM.v2024-12-21.q371; 15513ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 181

Question 182

Question 183

Question 184

Question 185

Download PDF File