Free CISM Exam Braindumps (page: 36)


Which of the following should be determined while defining risk management strategies?

  A. Risk assessment criteria
  B. Organizational objectives and risk appetite
  C. IT architecture complexity
  D. Enterprise disaster recovery plans

Answer(s): B

Explanation:

When defining risk management strategies, one must first analyze the organization's objectives and its risk appetite, then build the risk management framework on that analysis. Some organizations choose to accept known risks, while others invest in mitigating controls to reduce them; the strategy has to reflect which posture the organization has chosen. Risk assessment criteria become part of the framework, but only after this analysis has been done. IT architecture complexity and enterprise disaster recovery plans are inputs to assessing risk rather than to defining the strategy.



When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?

  A. Preserving the confidentiality of sensitive data
  B. Establishing international security standards for data sharing
  C. Adhering to corporate privacy standards
  D. Establishing system manager responsibility for information security

Answer(s): A

Explanation:

The goal of information security is to protect the organization's information assets, and preserving the confidentiality of sensitive data is a direct expression of that goal. International security standards are situational and depend on the company and its business. Adhering to corporate privacy standards is important, but those standards must themselves be appropriate and adequate, so they are not the most important factor. All employees, not only system managers, are responsible for information security, so assigning responsibility to system managers is not the most important factor either.



Which of the following is the BEST reason to perform a business impact analysis (BIA)?

  A. To help determine the current state of risk
  B. To budget appropriately for needed controls
  C. To satisfy regulatory requirements
  D. To analyze the effect on the business

Answer(s): A

Explanation:

The BIA is part of the process of determining the current state of risk: it identifies the impact of disruptions on the business, the level of impact and response the organization finds acceptable, and the current level of response, and the difference between the two leads to a gap analysis. Appropriate budgeting may result from the analysis, but it is not the reason to perform it. Performing a BIA may satisfy regulatory requirements, but that is not the reason to perform one either. Analyzing the effect on the business is part of the process, but one must also determine the acceptable level of effect and the required response, which is why it is not the best answer.



Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?

  A. Maturity of security processes
  B. Remediation of audit findings
  C. Decentralization of security governance
  D. Establishment of security governance

Answer(s): D
