ISACA-CISM

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

Which of the following is the PRIMARY benefit of implementing a vulnerability assessment process?

An organization is implementing an information security governance framework. To communicate the program's effectiveness to stakeholders, it is MOST important to establish:

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Which of the following is MOST likely to be included in an enterprise security policy?

Which of the following BEST validates that security controls are implemented in a new business process?

Which of the following BEST indicates that information assets are classified accurately?

Reevaluation of risk is MOST critical when there is:

Which of the following BEST supports investments in an information security program?

To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:

Which of the following BEST enables an organization to transform its culture to support information security?

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

A PRIMARY purpose of creating security policies is to:

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

Which of the following BEST describes a buffer overflow?

Which of the following is the MOST important detail to capture in an organization's risk register?

Which of the following is the MOST effective control to prevent proliferation of shadow IT?

Which of the following is the MOST important driver when developing an effective information security strategy?

Which of the following is MOST important for the improvement of a business continuity plan (BCP)?

Which of the following is MOST important to consider when choosing a shared alternate location for computing facilities?

A financial institution has identified a high risk of fraud within its credit department. Which of the following information security controls will BEST reduce the risk of fraud?

Which of the following is MOST important to consider when planning the eradication of a cyberattack?

The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:

Which of the following BEST enables an information security manager to identify changes in the threat landscape due to emerging technologies?

An enterprise has decided to procure security services from a third-party vendor to support its information security program. Which of the following is MOST important to include in the vendor selection criteria?

The resilience requirements of an application are BEST determined by: