Isaca CISM Quiz 268 Topic 4 Questions 1336-1340

Question: 1

Which of the following is the MOST effective way to facilitate the implementation of IT security program objectives?

AEstablishing a steering committee with executive and business involvement

BDeveloping a suite of policy, standards, and procedure documents

CDesigning a compulsory IT security training program for all employees

DCreating a help desk and change management platform

Show Answer

Question: 2

A corporate web site has become compromised as a result of a malicious attack. Which of the following should the information security manager do FIRST?

AContain the incident.

BPerform a root cause analysis.

CRestore the system from backup.

DEscalate the incident to senior management.

Show Answer

Question: 3

Which of the following is MOST important in the development of metrics for the effectiveness of information security?

AUsing clearly defined objectives

BUsing quantitative measurement

CUsing qualitative risk assessment results

DUsing standard reporting tools

Show Answer

Question: 4

An information security manager has been made aware that implementing a control would have an adverse impact to the business. The business manager has suggested accepting the risk. The BEST course of action by the information security manager would be to:

Adocument the risk exception

Breview existing technical controls.

Crecommend compensating controls

Dcontinue implementing the control.

Show Answer

Question: 5

Which of the following is the BEST method for management to obtain assurance of compliance with its security policy?

AQuestion staff concerning their security duties.

BConduct regular independent reviews.

CTrain staff on their compliance responsibilities.

DReview security incident logs.

Show Answer

Isaca CISM Quiz:268 Topic:4 Questions:1336-1340