Isaca CISM Quiz 22 Topic 2 Questions 106-110

Question: 1

Which of the following is the MOST relevant factor when determining the appropriate escalation process in the incident response plan?

AReplacement cost of the affected systems

BResilience capability of the affected systems

CSignificance of the affected systems

DNumber of resources allocated to respond

Show Answer

Question: 2

An organization has experienced multiple instances of privileged users misusing their access. Which of the following processes would be MOST helpful in identifying such violations?

ALog review

BPolicy exception review

CReview of access controls

DSecurity assessment

Show Answer

Question: 3

A small organization has a contract with a multinational cloud computing vendor. Which of the following would present the GREATEST concern to an information security manager if omitted from the contract?

ARight of the subscriber to conduct onsite audits of the vendor

BEscrow of software code with conditions for code release

CCommingling of subscribers' data on the same physical server

DAuthority of the subscriber to approve access to its data

Show Answer

Question: 4

Information security awareness programs are MOST effective when they are:

Asponsored by senior management.

Breinforced by computer-based training.

Cconducted at employee orientation.

Dcustomized for each target audience.

Show Answer

Question: 5

When establishing metrics for an information security program, the BEST approach is to identify indicators that:

Ademonstrate the effectiveness of the security program.

Breduce information security program spending.

Creflect the corporate risk culture.

Dsupport major information security initiatives.

Show Answer

Isaca CISM Quiz:22 Topic:2 Questions:106-110