Isaca CISM Quiz 42 Topic 1 Questions 206-210

Question: 1

What is the BEST reason to keep information security policies separate from procedures?

ATo keep policy documents from becoming too large

BTo keep policies from having to be changed too frequently

CTo ensure that individual documents do not contain conflicting information

DTo ensure policies receive the appropriate approvals

Show Answer

Question: 2

Which of the following BEST validates that security controls are implemented in a new business process?

ABenchmark the process against industry practices

BVerify the use of a recognized control framework.

CAssess the process according to information security policy.

DReview the process for conformance with information security best practices.

Show Answer

Question: 3

A corporate information security program is BEST positioned for success when:

Athe program aligns with industry best practice.

Bsenior management supports the program.

Csecurity is thoroughly assessed in the program.

DStaff is receptive to the program.

Show Answer

Question: 4

Risk scenarios simplify the risk assessment process by:

Afocusing on important and relevant risk.

Bcovering the full range of possible risk.

Creducing the need for subsequent risk evaluation.

Densuring business risk is mitigated.

Show Answer

Question: 5

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

AEvaluate the cost of information security integration.

BAssess the business objectives of the processes.

CIdentify information security risk associated with the processes.

DBenchmark the processes with best practice to identify gaps.

Show Answer

Isaca CISM Quiz:42 Topic:1 Questions:206-210