Isaca CISM - Certified Information Security Manager Exam

Question #6 (Topic: Single Topic)
What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
A. Cancel the outsourcing contract.
B. Transfer the risk to the provider.
C. Create an addendum to the existing contract.
D. Initiate an external audit of the provider's data center.
Answer: C
Question #7 (Topic: Single Topic)
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
A. Controls to be monitored
B. Reporting capabilities
C. The contract with the SIEM vendor
D. Available technical support
Answer: A
Question #8 (Topic: Single Topic)
Which of the following is MOST likely to be included in an enterprise security policy?
A. Definitions of responsibilities
B. Retention schedules
C. System access specifications
D. Organizational risk
Answer: A
Question #9 (Topic: Single Topic)
Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
A. Develop a business case for funding remediation efforts.
B. Advise senior management to accept the risk of noncompliance.
C. Notify legal and internal audit of the noncompliant legacy application.
D. Assess the consequences of noncompliance against the cost of remediation.
Answer: D
Question #10 (Topic: Single Topic)
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
A. Review the third-party contract with the organization's legal department.
B. Communicate security policy with the third-party vendor.
C. Ensure security is involved in the procurement process.
D. Conduct an information security audit on the third-party vendor.
Answer: C