Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 46)

Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

A.Requiring an external security audit of the IT service provider

B.Defining information security requirements with internal IT

C.Requiring regular reporting from the IT service provider

D.Defining the business recovery plan with the IT service provider

Which of the following should be the PRIMARY input when defining the desired state of security within an organization?

A.External audit results

B.Acceptable risk level

C.Level of business impact

D.Annual loss expectancy

Who is ultimately responsible for ensuring that information is categorized and that protective measures are taken?

A.Information security officer

B.Security steering committee

C.Data owner

D.Data custodian

Which of the following is the MOST effective type of access control?

A.Centralized

B.Role-based

C.Decentralized

D.Discretionary

The MAIN reason for an information security manager to monitor industry level changes in the business and FT is to:

A.update information security policies in accordance with the changes

B.identify changes in the risk environment

C.change business objectives based on potential impact

D.evaluate the effect of the changes on the levels of residual risk.

Other Version: 1087ISACA.CISM.v2025-02-21.q785; 650ISACA.CISM.v2024-12-21.q371; 15533ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 103Oracle.1z0-1196-25.v2025-09-12.q18; 102NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 253CFAInstitute.ESG-Investing.v2025-09-08.q173; 238PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Download PDF File