Free Certification Practice Questions

ISACA-CISM

Which of the following is the BEST reason for senior management to support a business case for developing a monitoring system for a critical application?
#151
Which of the following is MOST important when developing an information security governance framework?
#152
What should be an information security manager's GREATEST concern when an HR department outsources data processing to a cloud service provider?
#153
Which of the following BEST enables the capability of an organization to sustain the delivery of products and services within acceptable time frames and at predefined capacity during a disruption?
#154
Which of the following BEST determines an information asset's classification?
#155
When an organization implements an information security governance framework, it is MOST important for executive leadership to have a direct role in:
#156
Which of the following should have the MOST influence on an organization's response to a new industry regulation?
#157
Biometrics are BEST used for:
#158
Predetermined containment methods to be used in a cybersecurity incident response should be based PRIMARILY on the:
#159
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
#160
Which of the following is the BEST defense against distributed denial of service (DDoS) attacks?
#161
Which of the following scenarios would MOST likely require a change to corporate security policies?
#162
While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?
#163
When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?
#164
Which of the following should an information security manager do FIRST when a vulnerability has been disclosed?
#165
In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?
#166
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
#167
Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?
#168
The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?
#169
Who should be included in INITIAL discussions regarding a failed security control?
#170
Which of the following is the MOST important outcome of a post-incident review?
#171
Which of the following is the BEST indicator of the performance of a security program?
#172
An organization has remediated a security flaw in a system. Which of the following should be done NEXT?
#173
Which of the following BEST facilitates the development of a comprehensive information security policy?
#174
Which of the following is the MOST effective way to demonstrate improvement in security performance?
#175
Capacity planning would prevent:
#176
Which of the following is the MOST effective way to ensure information security policies are understood?
#177
Which of the following is the MOST effective method for testing an incident response plan?
#178
A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?
#179
Which of the following is the MOST important reason for an organization to develop an information security governance program?
#180