Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 58)

Question 281

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application.
Witch of the following should be the information security manager's FIRST course of action?

A.Report the risk to the information security steering committee.

B.Determine mitigation options with IT management

C.Escalate the risk to senior management.

D.Communicate the potential impact to the application owner.

Question 282

When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?

A.Business continuity plan

B.Disaster recovery plan

C.Incident response plan

D.Vulnerability management plan

Question 283

Which of the following is MOST important for an information security manager to verify before conducting full- functional continuity testing?

A.Risk acceptance by the business has been documented.

B.Incident response and recovery plans are documented in simple language.

C.Teams and individuals responsible for recovery have been identified.

D.Copies of recovery and incident response plans are kept offsite.

Question 284

Which of the following is the MOST important item to include when developing web hosting agreements with third-party providers?

A.Termination conditions

B.Liability limits

C.Service levels

D.Privacy restrictions

Question 285

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

A.The business continuity plan (BCP)

B.Vulnerability assessment results

C.Business impact analysis (BIA) results

D.Recommendations from senior management

Other Version: 1113ISACA.CISM.v2025-02-21.q785; 659ISACA.CISM.v2024-12-21.q371; 15558ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 108Oracle.1z0-1196-25.v2025-09-12.q18; 109NetworkAppliance.NS0-162.v2025-09-12.q86; 149OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 125Oracle.1Z0-1057-23.v2025-09-10.q47; 165Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 183TheSecOpsGroup.CNSP.v2025-09-08.q20; 274CFAInstitute.ESG-Investing.v2025-09-08.q173; 259PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 281

Question 282

Question 283

Question 284

Question 285

Download PDF File