Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 10)

Question 41

Data owners are normally responsible for which of the following?

A.Applying emergency changes to application data

B.Administering security over database records

C.Migrating application code changes to production

D.Determining the level of application security required

Question 42

A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?

A.Prevent the system from being accessed remotely

B.Create a strong random password

C.Ask for a vendor patch

D.Track usage of the account by audit trails

Question 43

Which of the following should be the PRIMARY focus of a post-incident review following a successful response to a cybersecurity incident?

A.Which control failures contributed to the incident

B.How incident response processes were executed

C.What attack vectors were utilized

D.When business operations were restored

Question 44

Which of the following metrics would provide management with the MOST useful information about the progress of a security awareness program?

A.Increased number of downloads of the organization's security policy

B.Increased reported of security incidents

C.Completion rate of user awareness training within each business unit

D.Decreased number of security incidents

Question 45

Which of the following approaches is BEST for selecting controls to minimize information security risks?

A.Control-effectiveness evaluation

B.Cost-benefit analysis

C.Risk assessment

D.Industry best practices

Other Version: 1064ISACA.CISM.v2025-02-21.q785; 12765ISACA.CISM.v2022-06-26.q752; 15512ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 121Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 238CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 156Salesforce.Data-Architect.v2025-09-05.q216; 150Adobe.AD0-E605.v2025-09-05.q50

Question 41

Question 42

Question 43

Question 44

Question 45

Download PDF File