Free ISACA CISM Exam Braindumps (page: 79)

When implementing security controls, an information security manager must PRIMARILY focus on:

  A. minimizing operational impacts.
  B. eliminating all vulnerabilities.
  C. usage by similar organizations.
  D. certification from a third party.

Answer(s): A

Explanation:

Security controls must be compatible with business needs. It is not feasible to eliminate all vulnerabilities. Usage by similar organizations does not guarantee that controls are adequate. Certification by a third party is important, but not a primary concern.



All risk management activities are PRIMARILY designed to reduce impacts to:

  A. a level defined by the security manager.
  B. an acceptable level based on organizational risk tolerance.
  C. a minimum level consistent with regulatory requirements.
  D. the minimum level possible.

Answer(s): B

Explanation:

The aim of risk management is to reduce impacts to an acceptable level. "Acceptable" or "reasonable" are relative terms that can vary based on environment and circumstances. A minimum level that is consistent with regulatory requirements may not be consistent with business objectives, and regulators typically do not assign risk levels. The minimum level possible may not be aligned with business requirements.



After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

  A. Information security officer
  B. Chief information officer (CIO)
  C. Business owner
  D. Chief executive officer (CEO)

Answer(s): C

Explanation:

The business owner of the application needs to understand and accept the residual application risks.



The purpose of a corrective control is to:

  A. reduce adverse events.
  B. indicate compromise.
  C. mitigate impact.
  D. ensure compliance.

Answer(s): C

Explanation:

Corrective controls serve to reduce or mitigate impacts, for example by providing recovery capabilities. Preventive controls, such as firewalls, reduce adverse events. Compromise is indicated by detective controls, such as intrusion detection systems (IDSs). Compliance can be ensured by preventive controls, such as access controls.
