Download Certified Information Security Manager.CISM.CertKiller.2020-04-10.674q.tqb

Vendor: ISACA
Exam Code: CISM
Exam Name: Certified Information Security Manager
Date: Apr 10, 2020
File Size: 2 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which of the following should be the FIRST step in developing an information security plan?
  A. Perform a technical vulnerabilities assessment
  B. Analyze the current business strategy
  C. Perform a business impact analysis
  D. Assess the current levels of security awareness
Correct answer: B
Explanation:
Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.
Question 2
Which of the following would BEST ensure the success of information security governance within an organization?
  A. Steering committees approve security projects
  B. Security policy training provided to all managers
  C. Security training available to all employees on the intranet
  D. Steering committees enforce compliance with laws and regulations
Correct answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
Question 3
Information security governance is PRIMARILY driven by:
  A. technology constraints.
  B. regulatory requirements.
  C. litigation potential.
  D. business strategy.
Correct answer: D
Explanation:
Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.