Free Certification Practice Questions

ISACA-CISM

Which of the following provides the MOST essential input for the development of an information security strategy?
#271
A business unit handles sensitive personally identifiable information (PII), which presents a significant financial liability to the organization should a breach occur. Which of the following is the BEST way to mitigate the risk to the organization?
#272
Which of the following would be impacted the MOST by a business decision to move from traditional computing to cloud computing?
#273
Key risk indicators (KRIs) are MOST effective when they:
#274
An organization's intrusion prevention system (IPS) detected and blocked an unusually large number of external intrusion attempts within a 24-hour period. Which of the following should be the information security manager's FIRST course of action?
#275
Which of the following is the BEST indication that an organization has integrated information security governance with corporate governance?
#276
The MOST effective way to present information security risk to senior management is to highlight:
#277
Which of the following should be the PRIMARY objective for creating a culture of security within an organization?
#278
Which of the following should be updated FIRST when aligning the incident response plan with the corporate strategy?
#279
Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?
#280
Which of the following BEST illustrates residual risk within an organization?
#281
Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?
#282
An organization experienced a loss of revenue during a recent disaster. Which of the following would BEST prepare the organization to recover?
#283
Which of the following is the MOST important success factor when developing an information security strategy?
#284
Which of the following BEST demonstrates a security-conscious organizational culture?
#285
Which of the following is the BEST method to ensure compliance with password standards?
#286
The PRIMARY purpose for deploying information security metrics is to:
#287
Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?
#288
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
#289
Which of the following should an information security manager do FIRST when informed that customer data has been breached within a third-party vendor's environment?
#290
A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?
#291
When an organization experiences a disruptive event, the business continuity plan (BCP) should be triggered PRIMARILY based on:
#292
Which of the following controls would BEST help to detect a targeted attack exploiting a zero-day vulnerability?
#293
Which of the following is the MOST relevant control to address the integrity of information?
#294
What should be the PRIMARY objective of an information classification scheme?
#295