Online Access Free ISACA.CISM.v2023-07-28.q152 Practice Test (Page 24)

CISM Exam Question 111

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

A.Projected Increase in maturity level

B.Estimated reduction in risk

C.Projected costs over time

D.Estimated increase in efficiency

CISM Exam Question 112

ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

A.Recommend canceling the outsourcing contract.

B.Determine the extent of the impact to the organization.

C.Notify affected customers of the data breach.

D.Request an independent review of the provider's data center.

CISM Exam Question 113

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

A.Continue using the existing incident response procedures.

B.Adopt the cloud provider's incident response procedures.

C.Transfer responsibility for incident response to the cloud provider.

D.Revise incident response procedures to encompass the cloud environment.

CISM Exam Question 114

Labeling information according to its security classification:

A.enhances the likelihood of people handling information securely.

B.reduces the number and type of countermeasures required.

C.reduces the need to identify baseline controls for each classification.

D.affects the consequences if information is handled insecurely.

Correct Answer: A

Labeling information according to its security classification enhances the likelihood of people handling information securely. Security classification is a process of categoriz-ing information based on its level of sensitivity and importance, and applying appropri-ate security controls based on the level of risk associated with that infor-mation1. Labeling is a process of marking the information with the appropriate classifi-cation level, such as public, internal, confidential, secret, or top secret2. The purpose of labeling is to inform the users of the information about its value and protection re-quirements, and to guide them on how to handle it securely. Labeling can help users to:
* Identify the information they are dealing with and its classification level
* Understand their roles and responsibilities regarding the information
* Follow the security policies and procedures for the information
* Avoid unauthorized access, disclosure, modification, or destruction of the information
* Report any security incidents or breaches involving the information
Labeling can also help organizations to:
* Track and monitor the information and its usage
* Enforce access controls and encryption for the information
* Audit and review the compliance with security standards and regulations for the infor-mation
* Educate and train employees and stakeholders on information security awareness and best practices Therefore, labeling information according to its security classification enhances the likelihood of people handling information securely, as it increases their awareness and accountability, and supports the implementation of security measures. The other op-tions are not the primary benefits of labeling information according to its security clas-sification. Reducing the number and type of countermeasures required is not a benefit, but rather a consequence of applying security controls based on the classification lev-el. Reducing the need to identify baseline controls for each classification is not a bene-fit, but rather a prerequisite for labeling information according to its security classifica-tion. Affecting the consequences if information is handled insecurely is not a benefit, but rather a risk that needs to be managed by implementing appropriate security con-trols and incident response procedures. Reference: 1: Information Classification - Ad-visera 2: Information Classification in Information Security - GeeksforGeeks : Infor-mation Security Policy - NIST : Information Security Classification Framework - Queensland Government

CISM Exam Question 115

Which of the following should be the PRIMARY basis for determining the value of assets?

A.Cost of replacing the assets

B.Original cost of the assets minus depreciation

C.Business cost when assets are not available

D.Total cost of ownership (TCO)

Other Version: 1872ISACA.CISM.v2024-10-14.q528; 601ISACA.CISM.v2024-07-14.q167; 706ISACA.CISM.v2024-04-24.q336; 1247ISACA.CISM.v2023-09-14.q160; 1232ISACA.CISM.v2023-09-09.q151; 1219ISACA.CISM.v2023-08-22.q180; 1045ISACA.CISM.v2023-05-16.q111; 1081ISACA.CISM.v2023-05-10.q114; 1025ISACA.CISM.v2023-03-07.q88; 4379ISACA.CISM.v2022-09-16.q374; 8259ISACA.CISM.v2022-08-01.q522; 56ISACA.Ipassleader.CISM.v2022-06-09.by.josephine.1215q.pdf; 11771ISACA.CISM.v2022-04-15.q999; 14824ISACA.CISM.v2021-10-30.q999

Latest Upload: 257ISACA.CGEIT.v2025-09-19.q537; 153Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 154Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 243Nutanix.NCP-US-6.5.v2025-09-16.q73; 264Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 324CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CISM Exam Question 111

CISM Exam Question 112

CISM Exam Question 113

CISM Exam Question 114

CISM Exam Question 115

Download PDF File