Isaca CISM Quiz 1 Topic 7 Questions 1-5

Question: 1

An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?

ABenchmarks of industry peers impacted by ransomware

BThe cost and associated risk reduction

CThe total cost of the investment

DThe number and severity of ransomware incidents

Show Answer

Question: 2

To help ensure that an information security training program is MOST effective, its contents should be:

Abased on employees' roles.

Bfocused on information security policy.

Caligned to business processes.

Dbased on recent incidents.

Show Answer

Question: 3

An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:

Athe business strategy includes exceptions to the encryption standard.

Bthe implementation supports the business strategy.

Cdata can be recovered if the encryption keys are misplaced.

Da classification policy has been developed to incorporate the need for encryption.

Show Answer

Question: 4

During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?

AThe incident response team leader

BThe resource specified in the incident response plan

CA dedicated public relations spokesperson

DThe resource designated by senior management

Show Answer

Question: 5

Which of the following should be the PRIMARY outcome of an information security program?

AThreat reduction

BStrategic alignment

CCost reduction

DRisk elimination

Show Answer

Isaca CISM Quiz:1 Topic:7 Questions:1-5