Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISMFree trial

By isaca

Verified

25Q per page

Question 76

Which of the following is the PRIMARY objective of a cyber resilience strategy?

A: Business continuity
B: Employee awareness
C: Executive support
D: Regulatory compliance

—

Question 77

Which of the following is the MOST important reason for an organization to communicate to affected parties that a security incident has occurred?

A: To improve awareness of information security
B: To disclose the root cause of the incident
C: To comply with regulations regarding notification
D: To increase goodwill toward the organization

—

Question 78

Which of the following is the BEST indication that an information security control is no longer relevant?

A: The control is not cost efficient.
B: The control does not support a specific business function.
C: IT management does not support the control.
D: The technology related to the control is obsolete.

—

Question 79

Which of the following is the PRIMARY advantage of an organization using Disaster Recovery as a Service (DRaaS) to help manage its disaster recovery program?

A: It offers the organization flexible deployment options using cloud infrastructure.
B: It allows the organization to prioritize its core operations.
C: It is more secure than traditional data backup architecture.
D: It allows the use of a professional response team at a lower cost.

—

Question 80

An organization wants to enable digital forensics for a business-critical application. Which of the following will BEST help to support this objective?

A: Install biometric access control.
B: Develop an incident response plan.
C: Define data retention criteria.
D: Enable activity logging.

—

Question 81

Which of the following is the MOST important outcome of a post-incident review?

A: The system affected by the incident is restored to its prior state.
B: The root cause of the incident is determined.
C: The person responsible for the incident is identified.
D: The impact of the incident is reported to senior management.

—

Question 82

Which of the following is the BEST indicator of the performance of a security program?

A: Changes in return on investments (ROIs)
B: Changes in the maturity level
C: Changes in budget allocation
D: Changes in security training attendance

—

Question 83

An organization has remediated a security flaw in a system. Which of the following should be done NEXT?

A: Allocate budget for penetration testing.
B: Update the system's documentation.
C: Assess the residual risk.
D: Share lessons learned with the organization.

—

Question 84

Which of the following BEST facilitates the development of a comprehensive information security policy?

A: Alignment with an established information security framework
B: Security key performance indicators (KPIs)
C: A review of recent information security incidents
D: An established internal audit program

—

Question 85

Which of the following is the MOST effective way to demonstrate improvement in security performance?

A: Report the results of a security control self-assessment (CSA).
B: Present trends in a validated metrics dashboard.
C: Provide a summary of security project return on investments (ROIs).
D: Present vulnerability testing results.

—

Question 86

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

A: Corporate risk framework
B: Corporate culture
C: Clarity of security roles and responsibilities
D: Maturity of the security policy

—

Question 87

Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?

A: Manage business process changes.
B: Update business impact analyses (BIAs) on a regular basis.
C: Review and update emergency contact lists.
D: Conduct periodic testing.

—

Question 88

Which of the following would be MOST useful when determining the business continuity strategy for a large organization's data center?

A: Business impact analysis (BIA)
B: Incident root cause analysis
C: Stakeholder feedback analysis
D: Business continuity risk analysis

—

Question 89

The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?

A: Seek an independent opinion to confirm the findings.
B: Determine alignment with existing regulations.
C: Report findings to key stakeholders.
D: Recommend additional network segmentation.

—

Question 90

Who should be included in INITIAL discussions regarding a failed security control?

A: Penetration testers
B: The service provider
C: Senior management
D: The process owner

—

Question 91

An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?

A: Notify internal legal counsel.
B: Isolate the impacted endpoints.
C: Wipe the affected system.
D: Notify senior management.

—

Question 92

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

A: The data custodian
B: The data owner
C: Internal IT audit
D: The information security manager

—

Question 93

Which of the following should an information security manager do FIRST upon learning of a new ransomware targeting a particular line of business?

A: Ensure backups are stored offsite.
B: Conduct a disaster recovery test and address any gaps.
C: Assess the potential impact to the organization.
D: Conduct a vulnerability scan and remediate the findings.

—

Question 94

Which of the following should be the PRIMARY objective when establishing a new information security program?

A: Facilitating operational security
B: Optimizing resources
C: Minimizing organizational risk
D: Executing the security strategy

—

Question 95

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

A: The number and severity of ransomware incidents
B: The total cost of the investment
C: Benchmarks of industry peers impacted by ransomware
D: The cost and associated risk reduction

—

Question 96

Which of the following is the BEST defense against distributed denial of service (DDoS) attacks?

A: Regular patching
B: Multiple and redundant paths
C: Intruder-detection lockout
D: Well-configured routers and firewalls

—

Question 97

Which of the following scenarios would MOST likely require a change to corporate security policies?

A: New security standards have been implemented.
B: Employees do not understand or adhere to the policies.
C: The organization has undergone a merger.
D: The organization incurs an increased number of security incidents.

—

Question 98

While conducting a test of a business continuity plan (BCP), which of the following is the MOST important consideration?

A: The test involves IT members in the test process.
B: The test simulates actual prime-time processing conditions.
C: The test is scheduled to reduce operational impact.
D: The test addresses the critical components.

—

Question 99

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

A: An alternative network link is immediately available.
B: Data backups are recoverable from an offsite location.
C: Network access requires two-factor authentication.
D: Digital currency is immediately available.

—

Question 100

Which of the following is the GREATEST benefit of incorporating information security governance into the corporate governance framework?

A: Management accountability for information security
B: Improved process resiliency in the event of attacks
C: Promotion of security-by-design principles to the business
D: Heightened awareness of information security strategies

—

Page 4 of 50 • Questions 76-100 of 1249

←

2 3 4 5 6

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!