Free Certification Practice Questions

ISACA-CISM

Which of the following would BEST ensure that security is integrated during application development?
#181
Which of the following is MOST important in increasing the effectiveness of incident responders?
#182
Which of the following should be the PRIMARY objective of the information security incident response process?
#183
An incident response team has been assembled from a group of experienced individuals. Which type of exercise would be MOST beneficial for the team at the first drill?
#184
In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST course of action?
#185
An information security team must obtain approval from the information security steering committee to implement a key control. Which of the following is the MOST important input to assist the committee in making this decision?
#186
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
#187
Which of the following will have the MOST negative impact on the effectiveness of incident response processes?
#188
Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
#189
Which of the following is the MOST important consideration when developing incident classification methods?
#190
Who should decide whether a specific control should be changed once risk is approved for mitigation?
#191
When determining key risk indicators (KRIs) for use in an information security program, it is MOST important to select:
#192
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
#193
Senior management has requested a budget cut for the information security program in the coming fiscal year. Which of the following should be the information security manager's FIRST course of action?
#194
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?
#195
What is the PRIMARY objective of information security involvement in the change management process?
#196
The MOST important reason for an information security manager to be involved in the change management process is to ensure that:
#197
Which of the following is MOST likely to trigger an update and revision of information security policies?
#198
A small organization with a limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator, and application administrator. What is the manager's BEST course of action?
#199
Which of the following should an information security manager do FIRST when assessing conflicting requirements between the global organization's security standards and local regulations?
#200
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
#201
Which of the following BEST helps to ensure the effective execution of an organization's disaster recovery plan (DRP)?
#202
Which of the following would be MOST effective in reducing the impact of a distributed denial of service (DDoS) attack?
#203
The PRIMARY reason for senior management to monitor information security metrics is to ensure:
#204
Which of the following is the MOST important reason to perform a privacy impact assessment?
#205
An information security team plans to increase password complexity requirements for a customer-facing site, but there are concerns it will negatively impact the user experience. Which of the following is the information security manager's BEST course of action?
#206
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
#207
Which of the following is the BEST indication of a mature information security program?
#208
An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?
#209
Which type of recovery site is MOST reliable and can support stringent recovery requirements?
#210