CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 8)

Page 7 of 430
PDF with 1716 Questions

Which of the following are seldom changed in response to technological changes?

  1. Standards
  2. Procedures
  3. Policies
  4. Guidelines

Answer(s): C

Explanation:

Policies are high-level statements of objectives. Because of their high-level nature and statement of broad operating principles, they are less subject to periodic change. Security standards and procedures as well as guidelines must be revised and updated based on the impact of technology changes.



The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:

  1. storage capacity and shelf life.
  2. regulatory and legal requirements.
  3. business strategy and direction.
  4. application systems and media.

Answer(s): D

Explanation:

Long-term retention of business records may be severely impacted by changes in application systems and media. For example, data stored in nonstandard formats that can only be read and interpreted by previously decommissioned applications may be difficult, if not impossible, to recover. Business strategy and direction do not generally apply, nor do legal and regulatory requirements. Storage capacity and shelf life are important but secondary issues.



Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

  1. More uniformity in quality of service
  2. Better adherence to policies
  3. Better alignment to business unit needs
  4. More savings in total operating costs

Answer(s): C

Explanation:

Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to administer due to the lack of economies of scale. Uniformity in quality of service tends to vary from unit to unit.



Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?

  1. Chief security officer (CSO)
  2. Chief operating officer (COO)
  3. Chief privacy officer (CPO)
  4. Chief legal counsel (CLC)

Answer(s): B

Explanation:

The chief operating officer (COO) is most knowledgeable of business operations and objectives. The chief privacy officer (CPO) and the chief legal counsel (CLC) may not have the knowledge of the day- to-day business operations to ensure proper guidance, although they have the same influence within the organization as the COO. Although the chief security officer (CSO) is knowledgeable of what is needed, the sponsor for this task should be someone with far-reaching influence across the organization.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts