ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 1107 discussion

Actual exam question from Isaca's CISM
Question #: 1107
Topic #: 1
[All CISM Questions]

Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?

  • A. Review third-party contracts as part of the vendor management process.
  • B. Perform an audit on vendors' security controls and practices.
  • C. Integrate risk management into the vendor management process.
  • D. Conduct security reviews on the services and solutions delivered.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ssdny at March 26, 2024, 3:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SHERLOCKAWS
1 week, 4 days ago
Selected Answer: C
Answer is C: Integrate risk management into the vendor management process. Because it provides a comprehensive, strategic approach to managing third-party security risks, fully aligned with CISM’s risk-based governance model.
upvoted 1 times
...
Josef4CISM
2 months, 2 weeks ago
Selected Answer: C
leaning towards C. by integrating risk management into the vendor management process, you proactively define and shape security requirements for vendors upfront. That's a more effective way than doing security reviews and following up with deviations from time to time.
upvoted 2 times
...
afoo1314
7 months, 2 weeks ago
Selected Answer: C
c seems make sense
upvoted 2 times
...
Booict
8 months, 3 weeks ago
B - Auditing vendors helps evaluate their security posture, identify vulnerabilities, and ensure compliance with organizational standards. The term “audit” is more commonly associated with thorough assessments.
upvoted 1 times
...
oluchecpoint
11 months, 2 weeks ago
Selected Answer: D
Conduct security reviews on the services and solutions delivered. Not going for option C because you can integrate risk measures and not review.
upvoted 2 times
helg420
10 months, 3 weeks ago
risk management includes monitoring and managing risk
upvoted 3 times
...
...
ssdny
1 year ago
Selected Answer: D
Is it not D?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago