DumpsFree

http://www.dumpsfree.com
DumpsFree provides high-quality Dumps VCE & dumps demo free download
Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : CISM

Title : Certified Information Security Manager

Vendor : ISACA

Version : DEMO

Get Latest & Valid CISM Exam's Questions and Answers from Dumpsfree.com.
http://www.dumpsfree.com/cism-valid-exam.html

NO.1 Which of the following is the MOST effective way of ensuring that business units comply with
an information security governance framework?
A. Performing security assessments and gap analyses
B. Integrating security requirements with processes
C. Conducting information security awareness training
D. Conducting a business impact analysis (BIA)
Answer: C

NO.2 A financial institution's privacy department has requested the implementation of multi-factor
authentication to comply with regulations for providing services over the Internet. Which of the
following authentication schemes would BEST meet this compliance requirement?
A. Passphrase and token key
B. Four-digit PIN and secret question
C. Thumbprint and facial recognition
D. Username and password
Answer: A

NO.3 Which of the following provides the MOST comprehensive understanding of an organization's
information security posture?
A. External audit findings
B. Results of vulnerability assessments
C. The organization's security incident trends
D. Risk management metrics
Answer: C

NO.4 Following a recent acquisition, an information security manager has been requested to address
the outstanding risk reported early in the acquisition process. Which of the following is the manager's
BEST course of action?
A. Re-assess the outstanding risk of the acquired company.
B. Add the outstanding risk to the acquiring organization's risk registry
C. Perform a vulnerability assessment of the acquired company's infrastructure.
D. Re-evaluate the risk treatment plan for the outstanding risk.
Answer: A

NO.5 Which of the following is MOST helpful when justifying the funding required for a
compensating control?
A. Threat assessment
B. Business case
C. Risk analysis
D. Business impact analysis (BIA)
Answer: B

NO.6 The PRIMARY objective of periodically testing an incident response plan should be to:
A. harden the technical infrastructure.
B. improve internal processes and procedures.
C. highlight the importance of incident response and recovery.
D. improve employee awareness of the incident response process.
Answer: B

NO.7 Which of the following will identify a deviation in the information security management
process from generally accepted standards of good practices?
A. Business impact analysis (BIA)
B. Gap analysis
C. Risk assessment
D. Penetration testing
Answer: B

NO.8 Which of the following is the GREATEST benefit of a centralized approach to coordinating
information security?
A. Reduction in the number of policies
B. Optimal use of security resources
C. Integration with business functions
D. Business user buy-in
Answer: B

NO.9 When aligning an organization's information security program with other risk and control
activities, it is MOST important to:
A. ensure adequate financial resources are available.
B. integrate security within the system development life cycle.
C. develop an information security governance framework.
D. have information security management report to the chief risk officer.
Answer: C

NO.10 Which of the following is MOST critical for the successful implementation of an information
security strategy?
A. Established information security policies
B. Ongoing commitment from senior management
C. Sizeable funding for the information security program
D. Compliance with regulations
Answer: B

NO.11 Which of the following would be the BEST way for a company to reduce the risk of data loss
resulting from employee-owned devices accessing the corporate email system?
A. Require employees to undergo training before permitting access to the corporate email service.
B. Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.
C. Use a mobile device management solution to isolate the local corporate email storage.
D. Require employees to install a reputable mobile anti-virus solution on their personal devices.
Answer: C

NO.12 A recent audit has identified that security controls required by the organization's policies
have not been implemented for a particular application. What should the information security
manager do NEXT to address this issue?
A. Deny access to the application until the issue is resolved.
B. Discuss the issue with data owners to determine the reason for the exception.
C. Report the issue to senior management and request funding to fix the issue.
D. Discuss the issue with data custodians to determine the reason for the exception.
Answer: B

NO.13 Which of the following is MOST helpful in integrating information security governance with
corporate governance?
A. Including information security processes within operational and management processes
B. Assigning the implementation of information security governance to the steering committee
C. Aligning the information security governance to a globally accepted framework
D. Providing independent reports of information security efficiency and effectiveness to the board
Answer: A

NO.14 Establishing which of the following is the BEST way of ensuring that the emergence of new
risk is promptly identified?
A. Change control procedures
B. Regular risk reporting
C. Incident monitoring activities
D. Risk monitoring processes
Answer: D

NO.15 When preparing a business case for the implementation of a security information and event
management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility
study?
A. Cost-benefit analysis
B. Industry benchmarks
C. Cost of software
D. Implementation timeframe
Answer: A

NO.16 An organization's HR department would like to outsource its employee management system
to a cloud-hosted solution due to features and cost savings offered. Management has identified this
solution as a business need and wants to move forward. What should be the PRIMARY role of
information security in this effort?
A. Ensure a security audit is performed of the service provider.
B. Explain security issues associated with the solution to management.
C. Ensure the service provider has the appropriate certifications.
D. Determine how to securely implement the solution.
Answer: B

NO.17 A third-party service provider has proposed a data loss prevention (DLP) solution. Which of
the following MUST be in place for this solution to be relevant to the organization?
A. A data classification schema
B. Senior management support
C. An adequate data testing environment
D. A business case
Answer: D

NO.18 Which of the following BEST contributes to the successful management of security incidents?
A. Established policies
B. Current technologies
C. Established procedures
D. Tested controls
Answer: C

NO.19 An organization will be outsourcing mission-critical processes. Which of the following is MOST
important to verify before signing the service level agreement (SLA)?
A. The provider is widely known within the organization's industry.
B. The provider has been audited by a recognized audit firm.
C. The provider's technical staff are evaluated annually.
D. The provider has implemented the latest technologies.
Answer: B

NO.20 Which of the following would be an information security manager's BEST course of action
upon learning a third-party cloud provider is not meeting information security with regard to data
encryption?
A. Discontinue engagement with the cloud provider.
B. Report the risk to relevant stakeholders.
C. Provide a date of remediation to the cloud provider.
D. Recommend compensating controls to mitigate the risk.
Answer: B

NO.21 Which of the following is an information security manager's BEST course of action to address
a significant materialized risk that was not prevented by organizational controls?
A. Update the risk register.
B. Update the business impact analysis (BIA).
C. Perform root cause analysis.
D. Invoke the incident response plan.
Answer: D

NO.22 Which of the following measures BEST indicates an improvement in the information security
program to stakeholders?
A. A decrease in click rates during phishing simulations
B. A reduction in reported viruses
C. A downward trend in reported security incidents
D. An increase in awareness training quiz pass rates
Answer: A

NO.23 Within a security governance framework, which of the following is the MOST important
characteristic of the information security committee? The committee:
A. includes a mix of members from all levels of management.
B. has a clearly defined charter and meeting protocols.
C. has established relationships with external professionals.
D. conducts frequent reviews of the security policy.
Answer: A

NO.24 Which of the following BEST indicates senior management support for an information
security program?
A. Risk assessments are conducted frequently by the information security team.
B. The information security manager meets regularly with the lines of business.
C. Detailed information security policies are established and regularly reviewed.
D. Key performance indicators (KPIs) are defined for the information security program.
Answer: C

NO.25 Which of the following is a MAIN security challenge when conducting a post-incident review
related to bring your own device (BYOD) in a mature, diverse organization?
A. Ability to obtain possession of devices
B. Ability to access devices remotely
C. Diversity of operating systems
D. Lack of mobile forensics expertise
Answer: A

NO.26 Which of the following is the BEST way to prevent employees from making unauthorized
comments to the media about security incidents in progress?
A. Establish standard media responses for employees to control the message.
B. Include communication policies in regular information security training.
C. Communicate potential disciplinary actions for noncompliance.
D. Implement controls to prevent discussion with media during an incident.
Answer: B

NO.27 An online payment provider's computer security incident response team has confirmed that a
customer credit card database was breached. Which of the following would be MOST important to
include in a report to senior management?
A. A summary of the security logs illustrating the sequence of events
B. A business case for implementing stronger logical access controls
C. An explanation of the potential business impact
D. An analysis of similar attacks and recommended remediation
Answer: C

NO.28 Which of the following provides the BEST indication that the information security program is
in alignment with enterprise requirements?
A. An IT governance committee is in place.
B. The security strategy is benchmarked with similar organizations.
C. The information security manager reports to the chief executive officer.
D. Security strategy objectives are defined in business terms.
Answer: D

NO.29 To integrate security into system development life cycle (SDLC) processes, an organization
MUST ensure that security:
A. performance metrics have been met.
B. is a prerequisite for completion of major phases.
C. is represented on the configuration control board.
D. roles and responsibilities have been defined.
Answer: B

NO.30 When preventative controls to appropriately mitigate risk are not feasible, which of the
following is the MOST important action for the information security manager to perform?
A. Manage the impact.
B. Evaluate potential threats.
C. Assess vulnerabilities.
D. Identify unacceptable risk levels.
Answer: A
