Question 1

Which type of control is an incident response team?

Options :

A : Detective

B : Directive

C : Corrective

D : Preventive

Answer: C

Question 2

To inform a risk treatment decision, which of the following should the information security manager compare with the organization's risk appetite?

Options :

A : Gap analysis results

B : Level of risk treatment

C : Configuration parameters

D : Level of residual risk

Answer: D

Question 3

An organization that uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:

Options :

A : the availability of continuous technical support.

B : appropriate service level agreements (SLAs) are in place.

C : a right-to-audit clause is included in contracts.

D : internal security standards are in place.

Answer: C

Question 4

When deciding to move to a cloud-based model, the FIRST consideration should be:

Options :

A : data classification

B : physical location of the data

C : storage in a shared environment

D : availability of the data

Answer: A

Question 5

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Options :

A : Business impact analysis (BIA)

B : Security operations program

C : Information security policy

D : Security risk assessment

Answer: C

Higher Test Marks with Free Online CISM Exam Practice

Buying Options: