Online Access Free ISACA.CISM.v2024-10-14.q528 Practice Test (Page 89)

CISM Exam Question 436

Management would like to understand the risk associated with engaging an Infrastructure-as-a- Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?

A.Mapping risk scenarios according to sensitivity of data

B.Reviewing mitigating and compensating controls for each risk scenario

C.Mapping the risk scenarios by likelihood and impact on a chart

D.Performing a risk assessment on the IaaS provider

CISM Exam Question 437

An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?

A.Detective

B.Preventive

C.Corrective

D.Deterrent

CISM Exam Question 438

An employee clicked on a malicious link in an email that resulted in compromising company data.
What is the BEST way to mitigate this risk in the future?

A.Conduct phishing awareness training.

B.Establish an acceptable use policy.

C.Assess and update spam filtering rules.

D.Implement disciplinary procedures.

CISM Exam Question 439

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

A.risk-reporting methodologies

B.security requirements for the process being outsourced

C.security metrics

D.service level agreements (SLAs)

CISM Exam Question 440

To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

A.the steering committee provides guidance and dispute resolution.

B.noncompliance issues are reported to senior management.

C.the security policy is changed to accommodate IT performance pressure.

D.IT policies and procedures are better aligned to security policies.

Other Version: 606ISACA.CISM.v2024-07-14.q167; 724ISACA.CISM.v2024-04-24.q336; 1265ISACA.CISM.v2023-09-14.q160; 1233ISACA.CISM.v2023-09-09.q151; 1232ISACA.CISM.v2023-08-22.q180; 1009ISACA.CISM.v2023-07-28.q152; 1045ISACA.CISM.v2023-05-16.q111; 1081ISACA.CISM.v2023-05-10.q114; 1025ISACA.CISM.v2023-03-07.q88; 4396ISACA.CISM.v2022-09-16.q374; 8278ISACA.CISM.v2022-08-01.q522; 56ISACA.Ipassleader.CISM.v2022-06-09.by.josephine.1215q.pdf; 11789ISACA.CISM.v2022-04-15.q999; 14842ISACA.CISM.v2021-10-30.q999

Latest Upload: 290ISACA.CGEIT.v2025-09-19.q537; 154Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 154Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 245Nutanix.NCP-US-6.5.v2025-09-16.q73; 265Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CISM Exam Question 436

CISM Exam Question 437

CISM Exam Question 438

CISM Exam Question 439

CISM Exam Question 440

Download PDF File