Question 1

A common drawback of email software packages that provide native encryption of messages is that the encryption:

Options :

A : cannot encrypt attachments

B : cannot interoperate across product domains.

C : has an insufficient key length.

D : has no key-recovery mechanism.

Answer: B

Question 2

Of the following, who is BEST positioned to be accountable for risk acceptance decisions based on risk appetite?

Options :

A : Information security manager

B : Chief risk officer (CRO)

C : Information security steering committee

D : Risk owner

Answer: D

Question 3

Recommendations for enterprise investment in security technology should be PRIMARILY based on:

Options :

A : adherence to international standards

B : availability of financial resources

C : the organization s risk tolerance

D : alignment with business need

Answer: C

Question 4

An organization wants to migrate a proprietary application to be hosted by a third-party cloud hosting provider using a Platform as a Service (PaaS) model. Prior to selecting the cloud provider, what is MOST important for the organization to ensure?

Options :

A : The cloud provider can meet recovery point objectives (RPOs).

B : The cloud provider adheres to applicable regulations.

C : The cloud provider’s service level agreement (SLA) includes availability requirements.

D : The hosting contract has a termination clause.

Answer: B

Question 5

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

Options :

A : Automated controls

B : Security policies

C : Guidelines

D : Standards

Answer: D

Free CISM Mock Exam – Practice Online Confidently

Buying Options: