Free Access ISACA.CISM.v2025-02-21.q785 Practice Test (Page 98)

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

A.Integrate risk management into the vendor management process.

B.Perform an audit on vendors' security controls and practices.

C.Review third-party contracts as part of the vendor management process.

D.Conduct security reviews on the services and solutions delivered.

When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

A.Risk assessments must be conducted by certified staff.

B.The methodology must be approved by the chief executive officer.

C.Risk assessments must be reviewed annually.

D.The methodology used must be consistent across the organization.

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

A.status of the security posture

B.probability of future incidents

C.cost-benefit of security controls

D.risk acceptance criteria

Which of the following metrics provides the BEST indication of the effectiveness of a security awareness campaign?

A.The number of reported security events

B.Quiz scores for users who took security awareness classes

C.User approval rating of security awareness classes

D.Percentage of users who have taken the courses

In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?

A.Update the application security policy.

B.Implement compensating control.

C.Submit a waiver for the legacy application.

D.Perform an application security assessment.

Other Version: 659ISACA.CISM.v2024-12-21.q371; 12805ISACA.CISM.v2022-06-26.q752; 15557ISACA.CISM.v2022-03-24.q890; 79ISACA.Prepawayete.CISM.v2021-09-22.by.maxine.303q.pdf

Latest Upload: 108Oracle.1z0-1196-25.v2025-09-12.q18; 109NetworkAppliance.NS0-162.v2025-09-12.q86; 149OCEG.GRCP.v2025-09-11.q211; 109HP.HPE0-V27.v2025-09-11.q78; 125Oracle.1Z0-1057-23.v2025-09-10.q47; 161Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 139SAP.C-S4EWM-2023.v2025-09-08.q83; 183TheSecOpsGroup.CNSP.v2025-09-08.q20; 267CFAInstitute.ESG-Investing.v2025-09-08.q173; 257PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Download PDF File