Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 64)

Question 311

Which of the following is the information security manager's PRIMARY role in the information assets classification process?

A.Assigning asset ownership

B.Developing an asset classification model

C.Assigning the asset classification level

D.Securing assets in accordance with their classification

Question 312

Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?

A.Availability of resources

B.Root cause analysis results

C.Adverse effects on the business

D.Legal and regulatory requirements

Question 313

What is the BEST way to ensure users comply with organizational security requirements for password complexity?

A.Include password construction requirements in the security standards

B.Require each user to acknowledge the password requirements

C.Implement strict penalties for user noncompliance

D.Enable system-enforced password configuration

Question 314

The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?

A.Inform senior management.

B.Implement compensating controls.

C.Ask the business owner for the new remediation plan.

D.Re-evaluate the risk.

Question 315

An organization is automating data protection by implementing a data loss prevention (DLP) solution. Which of the following should the Information security manager do FIRST?

A.Define the threshold for reporting data loss

B.Perform a cost-benefit analysis.

C.Define a data classification schema

D.Evaluate potential DLP solutions.

Other Version: 1083ISACA.CISM.v2025-02-21.q785; 12783ISACA.CISM.v2022-06-26.q752; 15530ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 240CFAInstitute.ESG-Investing.v2025-09-08.q173; 236PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 159Salesforce.Data-Architect.v2025-09-05.q216; 153Adobe.AD0-E605.v2025-09-05.q50

Question 311

Question 312

Question 313

Question 314

Question 315

Download PDF File