Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 4)

Question 11

Which of the following is MOST important to have in place to effectively manage security incidents that could potentially escalate to disasters?

A.Alignment of incident management activities with business continuity and disaster recovery plans

B.An incident response team with a clear understanding of their roles and responsibilities

C.Senior management commitment to funding the disaster recovery program

D.Well-defined disaster recovery time and recovery point objectives (RTOs and RPOs)

Question 12

Which of the following BEST indicates effective information security governance?

A.Regular testing of the security incident response plan

B.Organization-wide attendance at annual security training

C.Regular steering committee meetings

D.Availability of information security policies

Question 13

An information security manager is reviewing the business case for a security project that is entering the development phase. It is determined that the estimated cost of the controls is now greater than the risk being mitigated.
The information security manager's BEST recommendation would be to:

A.eliminate some of the controls from the project scope.

B.discontinue the project to release funds for other efforts.

C.pursue the project until the benefits cover the costs.

D.slow the pace of the project to spread costs over a longer period.

Question 14

An organization plans to utilize Software as a Service (SaaS) and is in the process of selecting a vendor. What should the information security manager do FIRST to support this initiative?

A.Review independent security assessment reports for each vendor.

B.Benchmark each vendor's services with industry best practices.

C.Define information security requirements and processes.

D.Analyze the risks and propose mitigating controls.

Question 15

Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

A.Report the activity to senior management.

B.Conduct a risk assessment and develop an impact analysis.

C.Update the risk register and review the information security strategy.

D.Allow temporary use of the site and monitor for data leakage.

Other Version: 1064ISACA.CISM.v2025-02-21.q785; 12765ISACA.CISM.v2022-06-26.q752; 15512ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 121Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 238CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 156Salesforce.Data-Architect.v2025-09-05.q216; 150Adobe.AD0-E605.v2025-09-05.q50

Question 11

Question 12

Question 13

Question 14

Question 15

Download PDF File