Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 56)

Question 271

An organization that outsourced its payroll processing performed an independent assessment of the security controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to include in the contract?

A.Right to audit

B.Nondisclosure agreement

C.Proper firewall implementation

D.Dedicated security manager for monitoring compliance

Question 272

Which of the following should be done FIRST when implementing an information security strategy?

A.Benchmark the strategy with industry peers.

B.Identify owners of information assets

C.Map business goals to information security strategy objectives.

D.Determine the desired state of information security.

Question 273

Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?

A.Strategic business plan

B.Upcoming financial results

C.Customer personal information

D.Previous financial results

Question 274

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

A.Document risk acceptances.

B.Revise the organization s security policy

C.Conduct an information security audit

D.Assess the consequences of noncompliance,

Question 275

A critical component of a continuous improvement program for information security is:

A.measuring processes and providing feedback.

B.developing a service level agreement (SLA) for security.

C.tying corporate security standards to a recognized international standard.

D.ensuring regulatory compliance.

Other Version: 8705ISACA.CISM.v2025-02-21.q785; 14197ISACA.CISM.v2022-06-26.q752; 17256ISACA.CISM.v2022-03-24.q890; 83ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 257PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 366Nokia.4A0-113.v2026-05-01.q69; 402EC-COUNCIL.312-49v11.v2026-04-30.q214; 319Microsoft.MB-820.v2026-04-30.q101; 251Salesforce.MC-202.v2026-04-30.q57; 294BICSI.INSTC_V8.v2026-04-29.q53; 421NMLS.MLO.v2026-04-28.q82; 281NCARB.Project-Management.v2026-04-28.q27; 500EMC.D-AV-DY-23.v2026-04-27.q184; 1320ServiceNow.CSA.v2026-04-27.q483

Question 271

Question 272

Question 273

Question 274

Question 275

Download PDF File