Free Certification Practice Questions

ISACA-CISM

The ability to integrate information security governance into corporate governance is PRIMARILY driven by:
#121
Which of the following presents the GREATEST challenge for protecting Internet of Things (IoT) devices?
#122
Which of the following parameters is MOST helpful when designing a disaster recovery strategy?
#123
An IT service desk was not adequately prepared for a recent ransomware attack on user workstations. Which of the following should be given HIGHEST priority by the information security team when creating an action plan to improve service desk readiness?
#124
After a risk has been identified, analyzed, and evaluated, which of the following should be done NEXT?
#125
Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?
#126
Which of the following would BEST fulfill a board of directors' request for a concise overview of information security risk facing the business?
#127
Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?
#128
An organization wants to integrate information security into its HR management processes. Which of the following should be the FIRST step?
#129
Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?
#130
Which of the following is MOST important for effective cybersecurity incident management?
#131
Which of the following is the BEST method to protect consumer private information for an online public website?
#132
Which of the following metrics is the BEST measure of the effectiveness of an information security program?
#133
An organization uses a security standard that has undergone a major revision by the certifying authority. The old version of the standard will no longer be used for organizations wishing to maintain their certifications. Which of the following should be the FIRST course of action?
#134
Which of the following is the MOST appropriate metric to demonstrate the effectiveness of information security controls to senior management?
#135
Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?
#136
Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?
#137
Which of the following is the PRIMARY role of the information security manager in application development?
#138
Which of the following actions by senior management would BEST enable a successful implementation of an information security governance framework?
#139
Which of the following is the BEST strategy to implement an effective operational security posture?
#140
Which of the following is the PRIMARY objective of information asset classification?
#141
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization's intrusion detection systems (IDSs)?
#142
Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
#143
The BEST way to avoid session hijacking is to use:
#144
Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?
#145
Which of the following will have the GREATEST impact on the development of the information classification scheme consisting of various classification levels?
#146
To prepare for a third-party forensics investigation following an incident involving malware, the incident response team should:
#147
Of the following, who should own the risk associated with unauthorized access to application data?
#148
The categorization of incidents is MOST important for evaluating which of the following?
#149
An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?
#150