Isaca CISM Quiz 235 Topic 6 Questions 1171-1175

Question: 1

When is the BEST time to identify the potential regulatory risk a new service provider presents to the organization?

ADuring contract negotiations

BDuring business case analysis

CDuring due diligence

DDuring integration planning

Show Answer

Question: 2

Information security policies should be designed PRIMARILY on the basis of:

Ainternational standards.

Binherent risks.

Cbusiness risks.

Dbusiness demands.

Show Answer

Question: 3

Which of the following is MOST helpful to developing a comprehensive Information security strategy?

APerforming a business impact analysts (BIA).

BConducting a risk assessment

CAdopting an industry framework

DGathering business objectives

Show Answer

Question: 4

Senior management has allocated funding to each of the organization s divisions to address information security vulnerabilities The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

ARedundant controls may be implemented across divisions.

BInformation security governance could be decentralized by division.

CAreas of highest risk may not be adequately prioritized for treatment.

DReturn on investment may be inconsistently reported to senior management

Show Answer

Question: 5

Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

AEvaluate funding for security initiatives.

BReview the balanced scorecard.

CSurvey end users about corporate governance.

DReview information security policies.

Show Answer

Isaca CISM Quiz:235 Topic:6 Questions:1171-1175