Isaca CISM Quiz 31 Topic 7 Questions 151-155

Question: 1

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

AIncrease the frequency of log monitoring and analysis.

BIncrease the sensitivity of intrusion detection systems.

CImplement multi-factor authentication.

DImplement a security information and event management system

Show Answer

Question: 2

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

AImproved feedback on the anti-phishing campaign

BDecreased number of incidents that have occurred

CImproved staff attendance in awareness sessions

DDecreased number of phishing emails received

Show Answer

Question: 3

Which of the following is the MOST important element in the evaluation of inherent security risks?

AImpact to the organization

BCast of countermeasures

CControl effectiveness

DResidual risk

Show Answer

Question: 4

Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?

ABenchmarking against industry peers

BPrioritization of action plans

CValidation of current capabilities

DIdentification of threats and vulnerabilities

Show Answer

Question: 5

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

Arecommend that management avoid the business activity

Btransfer risk to a third party to avoid cost of impact.

Cimplement controls to mitigate the risk to an acceptable level.

Dassess the gap between current and acceptable level of risk.

Show Answer

Isaca CISM Quiz:31 Topic:7 Questions:151-155