CISM Certified Information Security Manager
Exam number/code: CISM
Exam name: Certified Information Security Manager
Questions & Answers: 300 Q&A
Related Certifications: CISM
Hundreds of people each day pass their IT certification exams with Testking guaranteed certification resources and training kits. Use the Isaca CISM questions and answers to practice for your next Isaca certification exam. If you don't pass, you don't pay! Testking has the first and only 100% product satisfaction and exam passing guarantee. Advanced practice questions and answers help drive the information into your routine thinking and surpass CISM brain dumps in retention and skill building. Isaca CISM exam answers and practice questions can be used at home or office, installable on up to two PCs, or print the questions and answers to take with you and train on the go! Isaca CISM preparation tools are the perfect fit for any Isaca certification candidate, with CISM training materials for every level of entry.

Exam Engine Features
Control your IT training process by customizing your practice certification questions and answers. The fastest and best way to train.
* Truly interactive practice tests
* Create and take notes on any question
* Retake tests until you're satisfied
* YOU select the areas of the exam to cover
* Filter questions for a new practice test experience each time
* Re-visit difficult questions
TestKing Isaca CISM Exam Questions & Answers
Exam: CISM Certification Questions & Answers

Question 1: When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
A. access control matrix.
B. encryption strength.
C. authentication mechanism.
D. data repository.
Answer: A
Explanation: The access control matrix is the best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses. Encryption strength, authentication mechanism and data repository might be defined in the SLA but are not confidentiality compliance indicators.

Question 2: Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
A. Ensure that all IT risks are identified
B. Evaluate the impact of information security risks
C. Demonstrate that IT mitigating controls are in place
D. Suggest new IT controls to mitigate operational risk
Answer: B

Question 3: Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?
A. Systems operation procedures are not enforced
B. Change management procedures are poor
C. Systems development is outsourced
D. Systems capacity management is not performed
Answer: B
Explanation: The lack of change management is a severe omission and will greatly increase information security risk. Since procedures are generally nonauthoritative, their lack of enforcement is not a primary concern. Systems that are developed by third-party vendors are becoming commonplace and do not represent an increase in security risk as much as poor change management. Poor capacity management may not necessarily represent a security risk.

Question 4: An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:
A. broken authentication.
B. unvalidated input.
C. cross-site scripting.
D. structured query language (SQL) injection.
Answer: A

Question 5: An organization without any formal information security program that has decided to implement information security best practices should FIRST:
A. invite an external consultant to create the security strategy.
B. allocate budget based on best practices.
C. benchmark similar organizations.
D. define high-level business security requirements.
Answer: D

Question 6: When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A. Ensuring accessibility should a disaster occur
B. Versioning control as plans are modified
C. Broken hyperlinks to resources stored elsewhere
D. Tracking changes in personnel and plan assets
Answer: A
Explanation: If all of the plans exist only in electronic form, this presents a serious weakness if the electronic version is dependent on restoration of the intranet or other systems that are no longer available. Versioning control and tracking changes in personnel and plan assets is actually easier with an automated system. Broken hyperlinks are a concern, but less serious than plan accessibility.

Question 7: Which of the following is MOST important to understand when developing a meaningful information security strategy?
A. Regulatory environment
B. International security standards
C. Organizational risks
D. Organizational goals
Answer: D
Explanation: Alignment of security with business objectives requires an understanding of what an organization is trying to accomplish. The other choices are all elements that must be considered, but their importance is secondary and will vary depending on organizational goals.

Question 8: Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:
A. mandatory access controls.
B. discretionary access controls.
C. lattice-based access controls.
D. role-based access controls.
Answer: D

Question 9: Which of the following is responsible for legal and regulatory liability?
A. Chief security officer (CSO)
B. Chief legal counsel (CLC)
C. Board and senior management
D. Information security steering group
Answer: C
Explanation: The board of directors and senior management are ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.

Question 10: What is the BEST way to alleviate security team understaffing while retaining the capability in-house?
A. Hire a contractor that would not be included in the permanent headcount
B. Outsource with a security services provider while retaining the control internally
C. Establish a virtual security team from competent employees across the company
D. Provide cross training to minimize the existing resources gap
Answer: C
Explanation: Competent security staff can be recruited from other departments (e.g., IT, research and development (R&D), product development). By leveraging existing resources, there is a nominal additional cost. It is also a strategic option since the staff may join the team as full members in the future (internal transfer). While hiring an indirect resource that will not be part of headcount will help to add an extra resource, it usually costs more than a direct employee; thus, it is not cost efficient. Outsourcing may be a more expensive option and can add complexities to the service delivery. Development of staff is often a budget drain and, if not managed carefully, these resources may move away from the company and leave the team with a bigger resource gap.

Question 11: What is the GREATEST risk when there is an excessive number of firewall rules?
A. One rule may override another rule in the chain and create a loophole
B. Performance degradation of the whole network
C. The firewall may not support the increasing number of rules due to limitations
D. The firewall may show abnormal behavior and may crash or automatically shut down
Answer: A

Question 12: When configuring a biometric access control system that protects a high-security data center, the system's sensitivity level should be set:
A. to a higher false reject rate (FRR).
B. to a lower crossover error rate.
C. to a higher false acceptance rate (FAR).
D. exactly to the crossover error rate.
Answer: A
Explanation: Biometric access control systems are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring by allowing access to an invalid user. In a very sensitive system, it may be desirable to minimize the number of false accepts (the number of unauthorized persons allowed access). To do this, the system is tuned to be more sensitive, which causes the false rejects (the number of authorized persons disallowed access) to increase. As the sensitivity of the biometric system is adjusted, these values change inversely. At one point, the two values intersect and are equal. This condition creates the crossover error rate, which is a measure of the system accuracy. This is sometimes referred to as equal error rate (EER). In systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.

Question 13: Which of the following would BEST protect an organization's confidential data stored on a laptop computer from unauthorized access?
A. Strong authentication by password
B. Encrypted hard drives
C. Multifactor authentication procedures
D. Network-based data backup
Answer: B
Explanation: Encryption of the hard disks will prevent unauthorized access to the laptop even when the laptop is lost or stolen. Strong authentication by password can be bypassed by a determined hacker. Multifactor authentication can be bypassed by removal of the hard drive and insertion into another laptop. Network-based data backups do not prevent access but rather recovery from data loss.

Question 14: The MOST complete business case for security solutions is one that:
A. includes appropriate justification.
B. explains the current risk profile.
C. details regulatory requirements.
D. identifies incidents and losses.
Answer: A
Explanation: Management is primarily interested in security solutions that can address risks in the most cost-effective way. To address the needs of an organization, a business case should address appropriate security solutions in line with the organizational strategy.

Question 15: An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?
A. Security metrics reports
B. Risk assessment reports
C. Business impact analysis (BIA)
D. Return on security investment report
Answer: B
Explanation: Performing a risk assessment will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management. Metrics reports are normally contained within the methodology of the risk assessment to give it credibility and provide an ongoing tool. The business impact analysis (BIA) covers continuity risks only. Return on security investment cannot be determined until a plan is developed based on the BIA.