Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 67)

Question 326

Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?

A.Integrating security requirements with processes

B.Performing security assessments and gap analysis

C.Conducting a business impact analysis (BIA)

D.Conducting information security awareness training

Question 327

In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

A.Encryption of data traversing networks

B.Business or rote-based segmentation

C.Using security groups

D.Log analysis of system access

Question 328

Which of the following approaches is BEST for selecting controls to minimize information security risks?

A.Cost-benefit analysis

B.Risk assessment

C.Control-effectiveness

D.Industry best practices

Question 329

What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?

A.Define the issues to be addressed.

B.Perform a cost-benefit analysis.

C.Calculate the total cost of ownership (TCO).

D.Conduct a feasibility study.

Correct Answer: A

Explanation
The first step when developing a business case for a new intrusion detection system (IDS) solution is to define the issues to be addressed. A business case is a document that provides the rationale and justification for initiating a project or investment. It typically includes information such as the problem statement, the objectives, the alternatives, the costs and benefits, the risks and assumptions, and the expected outcomes. The first step in developing a business case is to define the issues to be addressed, which means identifying and describing the current situation, the problems or challenges faced by the organization, and the needs or opportunities for improvement. By defining the issues to be addressed, the information security manager can establish the scope and purpose of the business case, and provide a clear and compelling problem statement that explains why a new IDS solution is needed. The other options are not the first step when developing a business case for a new IDS solution, although they may be part of the subsequent steps. Performing a cost-benefit analysis is a step that involves comparing the costs and benefits of different alternatives, including the new IDS solution and the status quo. A cost-benefit analysis can help evaluate and justify the feasibility and desirability of each alternative, and support the decision-making process. Calculating the total cost of ownership (TCO) is a step that involves estimating the direct and indirect costs associated with acquiring, operating, maintaining, and disposing of an asset or a system over its entire life cycle. A TCO calculation can help determine the long-term financial implications of investing in a new IDS solution, and compare it with other alternatives. Conducting a feasibility study is a step that involves assessing the technical, operational, legal, and economic aspects of implementing a project or an investment. A feasibility study can help identify and mitigate any potential issues or risks that may affect the success of the project or investment, and provide recommendations for improvement

Question 330

Which of the following is MOST likely to drive an update to the information security strategy?

A.A new chief technology officer has been hired

B.Management has decided to implement an emerging technology.

C.A major business application has been upgraded.

D.A recent penetration test has uncovered a control weakness.

Other Version: 1073ISACA.CISM.v2025-02-21.q785; 12774ISACA.CISM.v2022-06-26.q752; 15521ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 326

Question 327

Question 328

Question 329

Question 330

Download PDF File