Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISMFree trial

By isaca

Verified

25Q per page

Question 226

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

A: The vendor’s proposal aligns with the objectives of the organization
B: The vendor’s proposal allows for contract modification during technology refresh cycles
C: The vendor’s proposal requires the provider to have a business continuity plan (BCP)
D: The vendor’s proposal allows for escrow in the event the third party goes out of business

—

Question 227

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application’s security compliance?

A: During user acceptance testing (UAT)
B: During regulatory review
C: During the design phase
D: During static code analysis

—

Question 228

When considering a new security initiative, which of the following should be done prior to the development of a business case?

A: Conduct a risk assessment
B: Conduct a benchmarking exercise
C: Perform a cost-benefit analysis
D: Identify resource requirements

—

Question 229

Which of the following BEST demonstrates the potential for successful business continuity in the event of a disaster?

A: Tabletop exercises
B: Awareness training assessments
C: Disaster recovery tests
D: Checklist reviews

—

Question 230

Which of the following is an essential practice for workstations used to conduct a forensic investigation?

A: A documented chain of custody log is kept for the workstations
B: The workstations are only accessed by members of the forensics team
C: Only forensics-related software is installed on the workstations
D: The workstations are backed up and hardened on a regular basis

—

Question 231

Which of the following components of the risk assessment process should be reviewed FIRST to gain an understanding of the scope of an emerging risk within an organization?

A: Risk categorization
B: Asset identification
C: Control evaluation
D: Risk treatment

—

Question 232

An information security manager has been tasked with implementing a security solution that provides insight into potential security incidents Which of the following BEST supports this activity?

A: Intrusion detection system (IDS)
B: Security information and event management (SIEM)
C: Data loss prevention system (DLP)
D: User behavior analytics

—

Question 233

Which of the following is MOST important for the information security manager to confirm when reviewing an incident response plan?

A: The plan includes a requirement for post-incident review
B: The plan is based on a business impact analysis (BIA)
C: The plan is stored at backup recovery locations
D: The plan is readily available to provide to auditors.

—

Question 234

Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?

A: Improve the security awareness training program
B: Communicate consequences for future instances
C: Implement compensating controls
D: Enhance the data loss prevention (DLP) solution

—

Question 235

An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?

A: Policy exception review
B: Review of access controls
C: Security assessment
D: Log review

—

Question 236

Exceptions to a security policy should be approved based PRIMARILY on:

A: results of a cost-benefit analysis.
B: risk appetite.
C: security incident classification.
D: industry best practices.

—

Question 237

When developing a business case for a new security initiative, an information security manager should FIRST:

A: conduct a feasibility study.
B: calculate the total cost of ownership (TCO).
C: perform a cost-benefit analysis.
D: define the issues to be addressed.

—

Question 238

A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:

A: historical data of reported incidents.
B: analysis of current threat landscape.
C: industry benchmarking gap analysis.
D: projected return on investment (ROI).

—

Question 239

Which of the following is MOST important for an information security steering committee to ensure?

A: Funding is available for information security projects.
B: Information security is managed as a business critical issue.
C: Periodic information security audits are conducted.
D: Resources used for information security projects are minimized.

—

Question 240

An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?

A: Refer to the privacy policy.
B: Refer to the incident response plan.
C: Send out a breach notification to all parties involved.
D: Contact the board of directors.

—

Question 241

Which of the following is the BEST defense against a brute force attack?

A: Discretionary access control
B: Multi-factor authentication (MFA)
C: Mandatory access control
D: Time-of-day restrictions

—

Question 242

Which of the following is MOST important to verify during a test of an organization's incident response process?

A: Whether incident response team members know their responsibilities
B: Whether senior management endorses the incident response process
C: Whether users know which numbers to call in the call tree
D: Whether incident response team members are cross-trained

—

Question 243

An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month, though no systems have actually been compromised. Which of the following should the information security manager do FIRST?

A: Tune the IPS to address false positives.
B: Report the increase in hacking attempts to senior management.
C: Validate the events identified by the IPS.
D: Update security awareness training.

—

Question 244

The likelihood of a successful intrusion is a function of:

A: threat and vulnerability levels.
B: design and redundancy of network perimeter controls.
C: configuration and maintenance of log monitoring system.
D: opportunity and asset value.

—

Question 245

Which of the following is the BEST evidence that senior management supports the information security program?

A: The information security manager reports to the chief risk officer (CRO)
B: A reduction in information security costs
C: Consistent enforcement of information security policies
D: A high level of information security risk acceptance

—

Question 246

An information security manager discovers that the organization's new information security policy is not being followed across all departments. Which of the following should be of GREATEST concern to the information security manager?

A: Business unit management has not emphasized the importance of the new policy.
B: Different communication methods may be required for each business unit.
C: The wording of the policy is not tailored to the audience.
D: The corresponding controls are viewed as prohibitive to business operations.

—

Question 247

During incident recovery, which of the following is the BEST approach to ensure the eradication of traces hidden by an attacker?

A: Reinstall the system from the original source.
B: Perform continuous monitoring until validation is achieved.
C: Prohibit use of the account suspected to be compromised.
D: Conduct a forensic investigation to acquire evidence.

—

Question 248

Which of the following BEST enables the effectiveness of an information security training program for new employees?

A: New employees are required to acknowledge the information security policy.
B: New employees must complete a security assessment after training.
C: Information security training precedes all other onboarding training.
D: The training is specific to new employees' job functions.

—

Question 249

An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?

A: Temporarily suspend wire transfers for the organization.
B: Provide awareness training to staff responsible for wire transfers.
C: Disable emails for staff responsible for wire transfers.
D: Provide awareness training to the CEO for this type of phishing attack.

—

Question 250

Which of the following is the BEST indication of effective information security governance?

A: Comprehensive security policies reflect organizational objectives.
B: Information security is integrated into organizational processes.
C: The information security program follows industry best practices.
D: An information security risk register is maintained.

—

Page 10 of 50 • Questions 226-250 of 1249

←

8 9 10 11 12

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!