ISACA Certified Information Security Manager (CISM) Prep Questions and Answers (100% Correct)

ISACA Certified Information Security Manager (CISM) Prep Questions and Answers (100% Correct) Which of the following is the primary step in control implementation for a new business application? - Answer️️ -D. Risk assessment When implementing an information security program, in which phase of the implementation should metrics be established to assess the effectiveness of the program over time?" - Answer️️ -Either B. Initiation C. Design Data owners are concerned and responsible for who has access to their resources and therefore need to be concerned with the strategy of how to mitigate risk of data resource usage. Which of the following actions facilitates that responsibility? - Answer️️ -B. Entitlement changes Which of the following is the best method to determine the effectiveness of the incident response process? - Answer️️ -C. Post-incident review ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 2 When properly implemented, a risk management program should be designed to reduce an organization's risk to: - Answer️️ -C. A level at which the organization is willing to accept What controls the process of introducing changes to systems to ensure that unintended changes are not introduced? - Answer️️ -C. Change management All actions dealing with incidents must be worked with cyclical consideration. What is the primary post-incident review takeaway? - Answer️️ -Either A. Pursuit of legal action B. Identify personnel failures D. Derive ways to improve the response process If a forensics copy of a hard drive is required for legal matters, which of the following options provide the best solid defense for preservation of evidence? - Answer️️ -C. A bit-by-bit copy of all data ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 3 What is the preferred step an ISM should take to ensure the disaster recovery plan is adequate and remains current? - Answer️️ -A. Quarterly reviews of recovery plan information Which of the following would prove to be the best protection and recovery procedures if an intruder has gained root access to a system? - Answer️️ -Either A. Use system recovery to restore the last known good image C. Rebuild the system and its OS and applications using the original vendor media D. Have all users change passwords As the increased use of regulation and compliance in the Information Security arena expands, information security managers must work to put tasks into perspective. To do this, ISMs should involve affected organizations and view "regulations" as a? - Answer️️ -Either A. Risk B. Legal interpretation ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 4 Which of the following is the most significant challenge when developing an incident management plan? - Answer️️ -D. Lack of management and leadership buy-in Resource allocation is crucial during incident triage as it assists in prioritization and categorization. Why would this be critical for most organizations when conducting triage? - Answer️️ -A. Most organizations have limited incident handling resources As part of the Risk Management process, assessments