Free ISACA CISM Exam Braindumps (page: 82)

An information security manager has been asked to create a strategy to protect the organization’s information from a variety of threat vectors. Which of the following should be done FIRST?

  A. Perform a threat modeling exercise
  B. Develop a risk profile
  C. Design risk management processes
  D. Select a governance framework

Answer(s): B



Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

  A. Integrating the risk assessment into the internal audit program
  B. Applying global security standards to the IT projects
  C. Training project managers on risk assessment
  D. Having the information security manager participate on the project steering committees

Answer(s): D



An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?

  A. Conduct an evaluation of controls
  B. Determine if the risk is within the risk appetite
  C. Implement countermeasures to mitigate risk
  D. Classify all identified risks

Answer(s): B



Which of the following would be the BEST indicator that an organization is appropriately managing risk?

  A. The number of security incident events reported by staff has increased
  B. Risk assessment results are within tolerance
  C. A penetration test does not identify any high-risk system vulnerabilities
  D. The number of events reported from the intrusion detection system has declined

Answer(s): B
