Free Access ISACA.CISM.v2025-02-21.q785 Practice Test (Page 9)

Question 36

Which of the following is the PRIMARY reason to avoid alerting certain users of an upcoming penetration test?

A.To evaluate detection and response capabilities

B.To prevent exploitation by malicious parties

C.To aid in the success of the penetration

D.To reduce the scope and duration of the test

Question 37

To determine the selection of controls required to meet business objectives, an information security manager should:

A.prioritize the use of role-based access controls.

B.focus on key controls.

C.restrict controls to only critical applications.

D.focus on automated controls.

Question 38

The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?

A.Perform a risk reassessment.

B.Review the risk monitoring plan.

C.Formally document the decision.

D.Implement the recommendations.

Question 39

Risk scenarios simplify the risk assessment process by:

A.covering the full range of possible risk.

B.ensuring business risk is mitigated.

C.reducing the need for subsequent risk evaluation.

D.focusing on important and relevant risk.

Question 40

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

A.Enforce passwords and data encryption on the devices.

B.Require remote wipe capabilities for devices.

C.Conduct security awareness training.

D.Review and update existing security policies.

Other Version: 619ISACA.CISM.v2024-12-21.q371; 12696ISACA.CISM.v2022-06-26.q752; 15450ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 208CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 182Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File