Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 66)

Question 321

An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:

A.broken authentication.

B.unvalidated input.

C.cross-site scripting.

D.structured query language (SQL) injection.

Question 322

A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

A.Conduct regular security audits during system implementation stages.

B.Require penetration tests before production implementation.

C.Train and test system developers m secure coding practices.

D.Implement security assessments throughout the systems development life cycle.

Question 323

Which of the following events generally has the highest information security impact?

A.Opening a new office

B.Merging with another organization

C.Relocating the data center

D.Rewiring the network

Question 324

Relationships between critical systems are BEST understood by:

A.developing a system classification scheme.

B.evaluating key performance indicators (KPIs).

C.evaluating the recovery time objectives (RTOs).

D.performing a business impact analysis (BIA).

Question 325

The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its

A.compliance with industry regulations.

B.key performance indicators (KPIs).

C.timeliness m responding to attacks.

D.level of support from senior management.

Other Version: 1083ISACA.CISM.v2025-02-21.q785; 12783ISACA.CISM.v2022-06-26.q752; 15530ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 240CFAInstitute.ESG-Investing.v2025-09-08.q173; 236PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 159Salesforce.Data-Architect.v2025-09-05.q216; 153Adobe.AD0-E605.v2025-09-05.q50

Question 321

Question 322

Question 323

Question 324

Question 325

Download PDF File