Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 5)

Question 16

Which of the following is the MOST effective way to ensure security policies are relevant to organizational business practices?

A.Integrate industry best practices.

B.Obtain senior management sign-off.

C.Conduct an organization-wide security audit.

D.Leverage security steering committee contribution.

Question 17

Which of the following is the PRIMARY reason for implementing a risk management program?

A.Allows the organization to eliminate risk

B.Is a necessary part of management's due diligence

C.Satisfies audit and regulatory requirements

D.Assists in incrementing the return on investment (ROD

Question 18

Which of the following is the BEST indicator that an effective security control is built into an organization?

A.The monthly service level statistics indicate a minimal impact from security issues.

B.The cost of implementing a security control is less than the value of the assets.

C.The percentage of systems that is compliant with security standards.

D.The audit reports do not reflect any significant findings on security.

Question 19

When developing a disaster recovery plan, which of the following would be MOST helpful in prioritizing the order in which systems should be recovered?

A.Performing a business impact analysis (BIA)

B.Measuring the volume of data in each system

C.Reviewing the information security policy

D.Reviewing the business strategy

Question 20

Which of the following is the MOST important element in the evaluation of inherent security risks?

A.Residual risk

B.Impact to the organization

C.Cast of countermeasures

D.Control effectiveness

Other Version: 1064ISACA.CISM.v2025-02-21.q785; 12765ISACA.CISM.v2022-06-26.q752; 15512ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 121Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 238CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 156Salesforce.Data-Architect.v2025-09-05.q216; 150Adobe.AD0-E605.v2025-09-05.q50

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File