Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 75)

Question 366

The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:

A.identifying vulnerabilities in the system.

B.sustaining the organization's security posture.

C.the existing systems that will be affected.

D.complying with segregation of duties.

Question 367

What should be an information security manager's FIRST course of action when an organization is subject to a new regulatory requirement?

A.Update the risk register

B.Perform a gap analysis

C.Complete a control assessment

D.Submit a business case to support compliance

Question 368

Which of the following metrics would BEST determine the effectiveness of an application security testing program?

A.Number of security defects discovered in development versus production

B.Average time to fix each discovered security defect

C.Number of detected security defects per thousand lines of code

D.Average time to release code into production

Question 369

Which of the following is the responsibility of a data owner?

A.Maintaining the integrity of the database

B.Testing to determine whether the data can be recovered successfully

C.Investigating and resolving suspicious database activity

D.Classifying the data in accordance with security policy

Question 370

An organization permits the storage and use of its critical and sensitive information on employee- owned smartphones. Which of the following is the BEST security control?

A.Requiring the backup of the organization s data by the user

B.Developing security awareness training

C.Monitoring now often the smartphone is used

D.Establishing the authority to remote wipe

Other Version: 1074ISACA.CISM.v2025-02-21.q785; 12774ISACA.CISM.v2022-06-26.q752; 15521ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 366

Question 367

Question 368

Question 369

Question 370

Download PDF File