CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 22)

Page 21 of 430
PDF with 1716 Questions

Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:

  1. it implies compliance risks.
  2. short-term impact cannot be determined.
  3. it violates industry security practices.
  4. changes in the roles matrix cannot be detected.

Answer(s): A

Explanation:

Monitoring processes are also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law. Choices B and C are evaluated as part of the operational risk. Choice D is unlikely to be as critical a breach of regulatory legislation. The acceptance of operational risks overrides choices B, C and D.



An outcome of effective security governance is:

  1. business dependency assessment
  2. strategic alignment.
  3. risk assessment.
  4. planning.

Answer(s): B

Explanation:

Business dependency assessment is a process of determining the dependency of a business on certain information resources. It is not an outcome or a product of effective security management. Strategic alignment is an outcome of effective security governance. Where there is good governance, there is likely to be strategic alignment. Risk assessment is not an outcome of effective security governance; it is a process. Planning comes at the beginning of effective security governance, and is not an outcome but a process.



How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?

  1. Give organization standards preference over local regulations
  2. Follow local regulations only
  3. Make the organization aware of those standards where local regulations causes conflicts
  4. Negotiate a local version of the organization standards

Answer(s): D

Explanation:

Adherence to local regulations must always be the priority. Not following local regulations can prove detrimental to the group organization. Following local regulations only is incorrect since there needs to be some recognition of organization requirements. Making an organization aware of standards is a sensible step, but is not a total solution. Negotiating a local version of the organization standards is the most effective compromise in this situation.



Who should drive the risk analysis for an organization?

  1. Senior management
  2. Security manager
  3. Quality manager
  4. Legal department

Answer(s): B

Explanation:

Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management and the legal department will contribute to the project.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts