Complete CISM Isaca Materials

Certified Information Security Manager Questions and Answers

Question 169

Which of the following events is MOST likely to require an organization to revisit its information security framework?

Options:

New services offered by IT

Changes to the risk landscape

A recent cybersecurity attack

A new technology implemented

Answer:

Explanation:

Changes to the risk landscape are the most likely events to require an organization to revisit its information security framework, because they may affect the organization’s risk appetite, risk tolerance, risk profile, and risk treatment strategies. The information security framework should be aligned with the organization’s business objectives and risk management approach, and should be reviewed and updated regularly to reflect the changing internal and external environment.

References =

CISM Review Manual, 16th Edition, ISACA, 2020, p. 35: “The information security framework should be reviewed and updated regularly to ensure that it remains aligned with the enterprise’s business objectives and risk management approach and reflects the changing internal and external environment.”

CISM Review Manual, 16th Edition, ISACA, 2020, p. 36: “Changes in the risk landscape may require the enterprise to revisit its risk appetite, risk tolerance, risk profile, and risk treatment strategies.”

Question 170

The ULTIMATE responsibility for ensuring the objectives of an information security framework are being met belongs to:

Options:

)the information security officer.

the steering committee.

the board of directors.

the internal audit manager.

Answer:

Explanation:

The ultimate responsibility for ensuring the objectives of an information security framework are being met belongs to the board of directors, as they are accountable for the governance of the organization and the oversight of the information security strategy. The board of directors should ensure that the information security framework aligns with the business objectives, supports the business processes, and complies with the legal and regulatory requirements. The board of directors should also monitor the performance and effectiveness of the information security framework and provide guidance and direction for its improvement.

References = CISM Review Manual, 16th Edition eBook1, Chapter 1: Information Security Governance, Section: Enterprise Governance, Subsection: Board of Directors, Page 18.

Question 171

Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?

Options:

Compartmentalization

Overlapping redundancy

Continuous monitoring

Multi-factor authentication

Answer:

Explanation:

Compartmentalization is the best defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns because it is a strategy that divides the network or system into smaller segments or compartments, each with its own security policies, controls, and access rules. Compartmentalization helps to isolate and protect the most sensitive or critical data and functions from unauthorized or malicious access, as well as to limit the damage or impact of a breach or compromise. Compartmentalization also helps to enforce the principle of least privilege, which grants users or processes only the minimum access rights they need to perform their tasks. Therefore, compartmentalization is the correct answer.

[References:, https://www.csoonline.com/article/3667476/defense-in-depth-explained-layering-tools-and-processes-for-better-security.html, https://www.fortinet.com/resources/cyberglossary/defense-in-depth, https://sciencepublishinggroup.com/journal/paperinfo?journalid=542&doi=10.11648/j.ajai.20190302.11, , , , , ]

Question 172

Which type of control is an incident response team?

Options:

Preventive

Detective

Corrective

Directive

Answer:

Isaca Certification CISM Release Date
All CISM Test Inside Isaca Questions
Last Attempt CISM Questions
Ace Your CISM Isaca Certification Exam
Free Access Isaca CISM New Release
CISM Premium Exam Questions
Helping Hand Questions for CISM
Passed Exam Today CISM
Selected CISM Isaca Certification Questions Answers
Legit CISM Exam Download
Exactprep CISM Questions
New Release CISM Isaca Certification Questions
Isaca CISM Actual Questions
Changed CISM Exam Questions
Isaca Certification CISM Book
Isaca CISM Based on Real Exam Environment
Isaca Certification CISM Full Course Free
CISM Reviews Questions
Full Access Isaca CISM Tutorials
Download Full Version CISM Isaca Exam
CISM Leak Questions
Isaca CISM Questions Answers
Free CISM Questions Attempt
CISM VCE Exam Download
CISM Isaca Exam Lab Questions
Sure Pass Exam CISM PDF
Isaca CISM Online Access
Online CISM Questions Video
Isaca Certification Changed CISM Questions
CISM Exam Questions Tutorials
Isaca Certification CISM Exam Dumps
Isaca Certification CISM Reddit Questions
PDF CISM Study Guide
CISM Questions Bank
Download Latest CISM Questions
Pearson CISM New Attempt
Pass Using CISM Exam Dumps
Isaca Certification CISM Dumps PDF
Isaca Certification CISM Syllabus Exam Questions Answers
Isaca Certification CISM Exam Questions and Answers PDF
CISM Exam Results
Complete CISM Isaca Materials
Isaca Certification CISM Updated Exam
Pass CISM Exam Guide
Newly Released Isaca CISM Exam PDF
Isaca Isaca Certification CISM New Questions
Isaca Certification CISM Isaca Study Notes
Free CISM Isaca Updates
Isaca Certification CISM Passing Score
Vce CISM Questions Latest
Get More Isaca Exams Free Access

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Certified Information Security Manager Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce