Latest CIS-VRM Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : CIS-VRM
Exam Name : ServiceNow Vendor Risk Management
Vendor Name : "ServiceNow"







CISM Dumps CISM Braindumps

CISM Real Questions CISM Practice Test CISM dumps free


ISACA


CISM


Certified Information Security Manager (CISM)


https://killexams.com/pass4sure/exam-detail/CISM

Question #436 Topic 2


Inadvertent disclosure of internal business information on social media is BEST minimized by which of the following?


  1. Developing social media guidelines

  2. Educating users on social media risks

  3. Limiting access to social media sites

  4. Implementing data loss prevention (DLP) solutions




Answer: D


Question #437 Topic 2


Which of the following is the MOST important security consideration when using Infrastructure as a Service (IaaS)?


  1. Backup and recovery strategy

  2. Compliance with internal standards

  3. User access management

  4. Segmentation among tenants




Answer: C


Question #438 Topic 2


An external security audit has reported multiple instances of control noncompliance. Which of the following is MOST important for the information security manager to communicate to senior management?


  1. Control owner responses based on a root cause analysis

  2. The impact of noncompliance on the organization's risk profile

  3. An accountability report to initiate remediation activities

  4. A plan for mitigating the risk due to noncompliance




Answer: B


Question #439 Topic 2


An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?


  1. Report the noncompliance to the board of directors.

  2. Inform respective risk owners of the impact of exceptions

  3. Design mitigating controls for the exceptions.

  4. Prioritize the risk and implement treatment options.




Answer: D


Question #440 Topic 2


Which of the following models provides a client organization with the MOST administrative control over a cloud- hosted environment?


  1. Storage as a Service (SaaS)

  2. Platform as a Service (PaaS)

  3. Software as a Service (SaaS)

  4. Infrastructure as a Service (IaaS)




Answer: D

Question #441 Topic 2


An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites.

Which of the following is the BEST response to this situation?


  1. Communicate social media usage requirements and monitor compliance.

  2. Block workplace access to social media sites and monitor employee usage.

  3. Train employees how to set up privacy rules on social media sites.

  4. Scan social media sites for company-related information.




Answer: C


Question #442 Topic 2


Which of the following is the BEST

indication that an information security control is no longer relevant?


  1. Users regularly bypass or ignore the control.

  2. The control does not support a specific business function.

  3. IT management does not support the control.

  4. Following the control costs the business more than not following it.




Answer: B


Question #443 Topic 2


Which of the following metrics provides the BEST indication of the effectiveness of a security awareness campaign?


  1. The number of reported security events

  2. Quiz scores for users who took security awareness classes

  3. User approval rating of security awareness classes

  4. Percentage of users who have taken the courses




Answer: A


Question #444 Topic 2


An employee is found to be using an external cloud storage service to share corporate information with a third- party consultant, which is against company policy.

Which of the following should be the information security manager's FIRST course of action?


  1. Determine the classification level of the information.

  2. Seek business justification from the employee.

  3. Block access to the cloud storage service.

  4. Inform higher management a security breach.




Answer: A


Question #445 Topic 2


When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?


  1. Recommendations from senior management

  2. The business continuity plan (BCP)

  3. Business impact analysis (BIA) results

Question #446 Topic 2


An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?


  1. Shut down the server in an organized manner.

  2. Validate that there has been an incident.

  3. Inform senior management of the incident.

  4. Notify the business process owner.




Answer: B


Question #447 Topic 2


An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?


  1. Accessing information security event data

  2. Regular testing of incident response plan

  3. Obtaining physical hardware for forensic analysis

  4. Defining incidents and notification criteria




Answer: A


Question #448 Topic 2


The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?


  1. Ensure better identification of incidents in the incident response plan.

  2. Discuss the definition of roles in the incident response plan.

  3. Require management approval of the incident response plan.

  4. Disseminate the incident response plan throughout the organization.




Answer: B


Question #449 Topic 2


The PRIMARY reason for implementing scenario-based training for incident response is to:


  1. help incident response team members understand their assigned roles.

  2. verify threats and vulnerabilities faced by the incident response team.

  3. ensure staff knows where to report in the event evacuation is required.

  4. assess the timeliness of the incident team response and remediation.




Answer: D


Question #450 Topic 2


What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?


  1. Engage an audit of the provider's data center.

  2. Recommend canceling the outsourcing contract.

  3. Apply remediation actions to counteract the breach.


Question #451 Topic 2


An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented the need to make this ransom payment?


  1. Storing backups on a segregated network

  2. Training employees on ransomware

  3. Ensuring all changes are approved

  4. Verifying the firewall is configured properly




Answer: A