Isaca CISM Quiz 112 Topic 3 Questions 556-560

Question: 1

Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

AInformation security staff perform compliance reviews before production begins

BInformation security staff take responsibility for the design of system security

CInternal audit signs off on security prior to implementation

DBusiness requirements must include security objectives.

Show Answer

Question: 2

What should be an organization'. MAIN concern when evaluating an Infrastructure as a Service (laaS) cloud computing model for an e-commerce application?

AInternal audit requirements

BAvailability of providers services

CWhere the application resides

DApplication ownership

Show Answer

Question: 3

Following a successful and well-publicized hacking incident, an organization alias plans to improve application security. Which of the following is a security project risk?

ACritical evidence may be lost.

BThe reputation of the organization may be damaged

CA trapdoor may have been installed m the application.

DResources may not be available to support the implementation.

Show Answer

Question: 4

When developing an incident response plan, which of the following is the MOST -effective way to ensure incidents common to the organization are handled properly?

AAdopting industry standard response procedures

BRehearsing response scenarios

CConducting awareness training

DCreating and distributing a personnel call tree

Show Answer

Question: 5

For a business operating in a competitive and evolving online market, it is MOST important for a security policy to focus on:

Adefining policies for new technologies.

Benabling adoption of new Technologies.

Crequiring accreditation for new technologies.

Dmanaging risks of new technologies

Show Answer

Isaca CISM Quiz:112 Topic:3 Questions:556-560