Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 13)

Question 56

When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:

A.access control matrix.

B.encryption strength.

C.authentication mechanism.

D.data repository.

Question 57

Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?

A.An organization has a decentralized data center that uses cloud services.

B.Operating systems are no longer supported by the vendor.

C.The patch management system does not deploy patches in a timely manner.

D.IT system clocks are not synchronized with the centralized logging server.

Question 58

A benefit of using a full disclosure (white box) approach as compared to a blind (black box) approach to penetration testing is that:

A.it simulates the real-1ife situation of an external security attack.

B.human intervention is not required for this type of test.

C.less time is spent on reconnaissance and information gathering.

D.critical infrastructure information is not revealed to the tester.

Question 59

The decision as to whether a risk has been reduced to an acceptable level should be determined by:

A.organizational requirements.

B.information systems requirements.

C.information security requirements.

D.international standards.

Question 60

A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?

A.A continual server replication process

B.A property configured firewall

C.Employee training on ransomware

D.properly tested offline backup system

Other Version: 1074ISACA.CISM.v2025-02-21.q785; 12774ISACA.CISM.v2022-06-26.q752; 15521ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File