Isaca CISM Quiz 270 Topic 3 Questions 1346-1350

Question: 1

Which of the following should be the PRIMARY objective when developing an information security strategy?

ATo reduce potential business exposure

BTo establish security metrics and performance monitoring

CTo delegate regulatory compliance activities

DTo educate business owners regarding security responsibilities

Show Answer

Question: 2

What should an information security manager do FIRST when made aware of a new regulation which may require the redesign of existing information security processes?

A. Develop a future state roadmap. B. Perform a cost-benefit analysis.

CPerform a gap analysis.

DDevelop a business case.

Show Answer

Question: 3

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?

AConduct periodic vulnerability scans of the application.

BRequire annual signed agreements of adherence to security policies

CPerform periodic security assessments of the contractors' activities.

DInclude penalties for noncompliance in the contracting agreement.

Show Answer

Question: 4

An organization is planning to create a website that will collect site-visitor details from around the world and use them as marketing lists for operations in several countries. Which of the following should be of MOST concern to the information security manager?

ALegislation regarding marketing in foreign countries

BPrivacy laws in each of the countries using the details for marketing

CUsing cryptography for transborder data flow

DWording of the website's policy statement on how the details will be used

Show Answer

Question: 5

Senior management has endorsed a comprehensive information security policy. Which of the following should the organization do NEXT?

APromote awareness of the policy among employees.

BImplement an authentication and authorization system.

CIdentify relevant information security frameworks for adoption.

DSeek policy buy-in from business stakeholders.

Show Answer

Isaca CISM Quiz:270 Topic:3 Questions:1346-1350