Free Access ISACA.CISM.v2022-06-26.q752 Practice Test (Page 9)

Question 36

An organization has a process in place that involves the use of a vendor. A risk assessment was completed during the development of the process. A year after the implementation a monetary decision has been made to use a different vendor. What, if anything, should occur?

A.Nothing, since a risk assessment was completed during development.

B.A vulnerability assessment should be conducted.

C.A new risk assessment should be performed.

D.The new vendor's SAS 70 type II report should be reviewed.

Question 37

A security awareness program should:

A.present top management's perspective.

B.address details on specific exploits.

C.address specific groups and roles.

D.promote security department procedures.

Question 38

Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?

A.Seek policy buy-in from business stakeholders.

B.Implement an authentication and authorization system.

C.Identify relevant information security frameworks for adoption.

D.Promote awareness of the policy among employees.

Question 39

An information security manager that is utilizing a public cloud is performing a root cause investigation of an incident that took place in that environment. Which of the following should be the security manager's MAIN concern?

A.Lack of security log filtering

B.Transaction records split into multiple cloud locations

C.Shared infrastructure with other subscribers

D.Limited access to information

Question 40

Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?

A.Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.

B.Require employees to undergo training before permitting access to the corporate email service.

C.Require employees to install a reputable mobile anti-virus solution on their personal devices.

D.Use a mobile device management (MDM) solution to isolate the local corporate email storage.

Other Version: 1008ISACA.CISM.v2025-02-21.q785; 619ISACA.CISM.v2024-12-21.q371; 15450ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 208CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File