CISM—Certified Information Security Manager - Part 241

Mary Smith

Sat, 24 May 2025

1. Recovery time objectives (RTOs) are an output of which of the following?

A) Business continuity plan
B) Disaster recovery plan
C) Service level agreement (SLA)
D) Business impact assessment (BIA)



2. A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events. Which of the following IRT models BEST supports these objectives?

A) Holistic IRT
B) Central IRT
C) Coordinating IRT
D) Distributed IRT



3. Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?

A) Review the confidentiality requirements.
B) Identify the data owner.
C) Select the data source.
D) Identify the intended audience.



4. The decision to escalate an incident should be based PRIMARILY on:

A) organizational hierarchy.
B) prioritization by the information security manager.
C) predefined policies and procedures.
D) response team experience.



5. An organization's information security strategy for the coming year emphasizes reducing the risk of ransomware. Which of the following would be MOST helpful to support this strategy?

A) Provide relevant training to all staff.
B) Create a penetration testing plan.
C) Perform a controls gap analysis.
D) Strengthen security controls for the IT environment.



1. Right Answer: B
Explanation:

2. Right Answer: B
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: C
Explanation:

5. Right Answer: A
Explanation:
