Question 1

An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?

Options :

A : Requirements for regularly testing backups

B : The disaster recovery communication plan

C : Recovery time objectives (RTOs)

D : Definition of when a disaster should be declared

Answer: C

Question 2

Which of the following provides the BEST evidence that a newly implemented security awareness program has been effective?

Options :

A : There have been no reported successful phishing attempts since the training started.

B : Employees from each department have completed the required training.

C : There has been an increase in the number of phishing attempts reported.

D : Senior management supports funding for ongoing awareness training.

Answer: C

Question 3

The PRIMARY purpose of implementing information security governance metrics is to:

Options :

A : measure alignment with best practices.

B : refine control operations.

C : assess operational and program metrics.

D : guide security towards the desired state.

Answer: D

Question 4

When creating an incident response plan, which of the following is MOST important to include during the preparation phase of the plan’s life cycle?

Options :

A : Communication plan

B : Response procedures

C : Risk management plan

D : Forensic analysis procedures

Answer: C

Question 5

When investigating an information security incident details of the incident should be shared:

Options :

A : widely to demonstrate positive intent

B : only as needed

C : only with management

D : only with internal audit

Answer: B

Higher Test Marks with Free Online CISM Exam Practice

Buying Options: