ISACA (CISM) Certified Information Security Manager Exam Prep - Solved
All actions dealing with incidents must be worked with cyclical consideration. What is
the primary post-incident review takeaway? - ANSWER-Either
A. Pursuit of legal action
B. Identify personnel failures
D. Derive ways to improve the response process
Along with attention to detail, what is an additional quality required of an incident
handler? - ANSWER-D. Ability to handle stress
Along with cataloging and assigning value to their information, this individual holds the
proper role for review and confirmation of individuals on an access list? - ANSWER-A.
The Data Owner
As part of the Risk Management process, assessments must be performed on the
information systems and resources of an organization. If there are vulnerabilities
disclosed during an assessment, those vulnerabilities should be: - ANSWER-d.
Evaluated and prioritized based on credible threat and impact if exploited and
mitigation cost
As the increased use of regulation and compliance in the Information Security arena
expands, information security managers must work to put tasks into perspective. To do
this, ISMs should involve affected organizations and view "regulations" as a? -
ANSWER-Either
A. Risk
B. Legal interpretation
At the conclusion of the risk assessment process, which of the following would prove
most beneficial to understand in assisting the risk management decision making? -
ANSWER-Either
A. Control risk
C. Risk exposure
D. Residual risk