Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 59)

Question 286

The PRIMARY purpose of aligning information security with corporate governance objectives is to:

A.build capabilities to improve security processes.

B.consistently manage significant areas of risk.

C.identify an organization's tolerance for risk.

D.re-align roles and responsibilities.

Question 287

The frequency of conducting business impact analysis (BIA) should PRIMARILY be based on:

A.the number of security incidents.

B.changes in business processes.

C.changes in regulatory requirements.

D.business continuity plan (BCP) testing.

Question 288

When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

A.this is a requirement of the security policy.

B.software licenses may expire in the future without warning.

C.the asset inventory must be maintained.

D.service level agreements may not otherwise be met.

Question 289

Which of the following is MOST important when providing updates during a security incident?

A.Validating the reliability of information prior to dissemination

B.Responding immediately to questions from the public

C.Ensuring timely incident information to internal stakeholders

D.Designating a communications representative

Question 290

During a security assessment, an information security manager finds a number of security patches were not installed on a server hosting a critical business application. The application owner did not approve the patch installation to avoid interrupting the application. Which of the following should be the information security manager's FIRST course of action?

A.Determine mitigation options with IT management

B.Escalate the risk to senior management.

C.Report the risk to the information security steering committee.

D.Communicate the potential impact to the application owner.

Other Version: 1093ISACA.CISM.v2025-02-21.q785; 12791ISACA.CISM.v2022-06-26.q752; 15538ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 104Oracle.1z0-1196-25.v2025-09-12.q18; 103NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 254CFAInstitute.ESG-Investing.v2025-09-08.q173; 240PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 286

Question 287

Question 288

Question 289

Question 290

Download PDF File