Free Access ISACA.CISM.v2024-12-21.q371 Practice Test (Page 8)

Question 31

The MOST important reason for conducting periodic risk assessments is because:

A.risk assessments are not always precise.

B.security risks are subject to frequent change.

C.reviewers can optimize and reduce the cost of controls.

D.it demonstrates to senior management that the security function can add value.

Question 32

Which of the following are the essential ingredients of a business impact analysis (B1A)?

A.Downtime tolerance, resources and criticality

B.Cost of business outages in a year as a factor of the security budget

C.Business continuity testing methodology being deployed

D.Structure of the crisis management team

Question 33

A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

A.Notify senior management and the board.

B.Re-evaluate the organization's risk appetite

C.Update risk tolerance levels.

D.Monitor the environment for changes

Question 34

Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program?

A.Data retention requirements are not defined.

B.The classifications do not fallow industry best practices.

C.The program allows exceptions to be granted.

D.Labeling is not consistent throughout the organization.

Question 35

Employees in a large multinational organization frequently travel among various geographic locations. Which type of authorization policy BEST addresses this practice?

A.Multilevel

B.Identity

C.Role-based

D.Discretionary

Other Version: 1064ISACA.CISM.v2025-02-21.q785; 12765ISACA.CISM.v2022-06-26.q752; 15512ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 121Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 238CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 156Salesforce.Data-Architect.v2025-09-05.q216; 150Adobe.AD0-E605.v2025-09-05.q50

Question 31

Question 32

Question 33

Question 34

Question 35

Download PDF File