Download Certified Information Security Manager.CISM.VCEplus.2024-08-31.225q.vcex

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Aug 31, 2024
File Size: 234 KB
Downloads: 3

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?
  A. Integrate information security risk assessments into the procurement process.
  B. Provide regular information security training to the procurement team.
  C. Invite IT members into regular procurement team meetings to influence best practice.
  D. Enforce the right to audit in procurement contracts with SaaS vendors.
Correct answer: A
Question 2
Which of the following will result in the MOST accurate controls assessment?
  A. Mature change management processes
  B. Senior management support
  C. Well-defined security policies
  D. Unannounced testing
Correct answer: D
Unannounced testing observes controls as they actually operate day to day; management support, policies and change management are prerequisites for good controls but do not by themselves make an assessment more accurate.
Question 3
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
  A. Determine whether the organization can benefit from adopting the new standard.
  B. Obtain legal counsel's opinion on the standard's applicability to regulations.
  C. Perform a risk assessment on the new technology.
  D. Review industry specialists' analyses of the new standard.
Correct answer: A
The question concerns the standard, not the technology: before spending effort on legal review, risk assessment against the standard or third-party analyses, the manager should first establish whether adopting it benefits the organization at all.
Question 4
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
  A. Data is encrypted in transit and at rest at the vendor site.
  B. Data is subject to regular access log review.
  C. The vendor must be able to amend data.
  D. The vendor must agree to the organization's information security policy.
Correct answer: D
Question 5
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
  A. Conduct an impact assessment.
  B. Isolate the affected systems.
  C. Rebuild the affected systems.
  D. Initiate incident response.
Correct answer: D
Isolating the affected systems, assessing impact and rebuilding are all steps within the incident response process; invoking that process is the first and most complete action, and it is the process that decides when and how to contain.
Question 6
In which cloud model does the cloud service buyer assume the MOST security responsibility?
  A. Disaster Recovery as a Service (DRaaS)
  B. Infrastructure as a Service (IaaS)
  C. Platform as a Service (PaaS)
  D. Software as a Service (SaaS)
Correct answer: B
Question 7
In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:
  A. current international standard was used to assess security processes.
  B. certification will remain current through the life of the contract.
  C. certification scope is relevant to the service being offered.
  D. certification can be extended to cover the client's business.
Correct answer: C
Question 8
Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?
  A. Management's business goals and objectives
  B. Strategies of other non-regulated companies
  C. Risk assessment results
  D. Industry best practices and control recommendations
Correct answer: A
Question 9
When investigating an information security incident, details of the incident should be shared:
  A. widely to demonstrate positive intent.
  B. only with management.
  C. only as needed.
  D. only with internal audit.
Correct answer: C
Question 10
Which of the following should be the PRIMARY consideration when developing an incident response plan?
  A. The definition of an incident
  B. Compliance with regulations
  C. Management support
  D. Previously reported incidents
Correct answer: A
Without an agreed definition of what constitutes an incident, the plan cannot specify when it is triggered, who is notified or how events are classified; regulatory requirements and management support shape the plan but depend on that definition being in place.
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files