Isaca CISM Quiz 143 Topic 5 Questions 711-715

Question: 1

What should an information security manager do NEXT when management does not accept control recommendations resulting from a risk assessment?

ARemove the recommendations.

BDocument the decision.

CPerform a reassessment.

DImplement the recommendations.

Show Answer

Question: 2

Which of the following incident response team (IRT) models is ideal for an organization that is regionally managed'

ACoordinating IRT

BDistributed IRT

CGeographical IRT

DCentral IRT

Show Answer

Question: 3

An investigation of a recent security incident determined that the root cause was negligent handling of incident alerts by system administrators. What is the BEST way for the information security manager to address this issue?

AProvide incident response training to data custodians.

BRevise the incident response plan to align with business processes.

CConduct a risk assessment and share the results with senior management.

DProvide incident response training to data owners.

Show Answer

Question: 4

Which of the following is an example of a deterrent control?

ASegregation of responsibilities

BPeriodic data restoration

CAn intrusion detection system (IDS)

Da warning banner

Show Answer

Question: 5

An organization is the victim of a targeted attack, and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

ASecurity information event management (SIEM)

BWeb-application firewall (WAF)

CData leakage prevention (OLP)

DNetwork access control (NAC)

Show Answer

Isaca CISM Quiz:143 Topic:5 Questions:711-715