Question 1

Which is following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?

Options :

A : Reducing the number of vulnerabilities detected

B : Ensuring the amount of residual risk is acceptable

C : Avoiding identified system threats

D : Complying with regulatory requirements

Answer: B

Question 2

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

Options :

A : information security best practices.

B : risk management techniques.

C : the threat environment.

D : the corporate culture.

Answer: D

Question 3

When mitigation is the chosen risk treatment, which of the following roles is responsible for effective implementation of the chosen treatment?

Options :

A : Risk owner

B : Control owner

C : Business system owner

D : Application owner

Answer: B

Question 4

Which of the following is the BEST way to ensure the capability to restore clean data after a ransomware attack?

Options :

A : Purchase cyber insurance

B : Encrypt sensitive production data

C : Perform Integrity checks on backups

D : Maintain multiple offline backups

Answer: D

Question 5

Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?

Options :

A : Develop a personal device policy

B : Implement a mobile device management (MDM) solution

C : Develop training specific to BYOD awareness

D : Define control requirements

Answer: D

Free CISM Mock Exam – Practice Online Confidently

Buying Options: