Isaca Exam CISM Topic 5 Question 65 Discussion

Actual exam question for Isaca's CISM exam

Question #: 65
Topic #: 5

[All CISM Questions]

The PRIMARY objective of timely declaration of a disaster is to:

Aensure engagement of business management in the recovery process.

Bassess and correct disaster recovery process deficiencies.

Cprotect critical physical assets from further loss.

Densure the continuity of the organization's essential services.

Show Suggested Answer

Suggested Answer: B

The greatest concern with the situation of privileged employee access requests to production servers being approved but not logged is the lack of accountability, which means the inability to trace or verify the actions and decisions of the privileged users. Lack of accountability can lead to security risks such as unauthorized changes, data breaches, fraud, or misuse of privileges. Logging user actions is a key component of privileged access management (PAM), which helps to monitor, detect, and prevent unauthorized privileged access to critical resources. The other options, such as lack of availability, improper authorization, or inadequate authentication, are not directly related to the situation of not logging user actions. Reference:

https://www.microsoft.com/en-us/security/business/security-101/what-is-privileged-access-management-pam

https://www.ekransystem.com/en/blog/privileged-user-monitoring-best-practices

https://www.beyondtrust.com/resources/glossary/privileged-access-management-pam

by Carin at Nov 22, 2023, 03:57 PM

Limited Time Offer

25%

25 days ago

I think the primary objective is to ensure continuity of essential services.

upvoted 0 times

...