
Question #1
An information security manager must understand the relationship between information security and business operations in order to:
A. support organizational objectives
B. determine likely areas of noncompliance
C. assess the possible impacts of compromise
D. understand the threats to the business
Correct answer: D
Question #2
The MOST basic requirement for an information security governance program is to:
A. be aligned with the corporate business strategy
B. be based on a sound risk management approach
C. provide adequate regulatory compliance
D. provide best practices for security initiatives
Correct answer: B
Question #3
Which of the following is the MOST effective type of access control?
A. Centralized
B. Role-based
C. Decentralized
D. Discretionary
Correct answer: C
Question #4
A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BEST approach of the information security manager?
A. Acceptance of the business manager's decision on the risk to the corporation
B. Acceptance of the information security manager's decision on the risk to the corporation
C. Review of the assessment with executive management for final input
D. A new risk assessment and BIA are needed to resolve the disagreement
Correct answer: A
Question #5
When an organization is implementing an information security governance program, its board of directors should be responsible for:
A. drafting information security policies
B. reviewing training and awareness programs
C. setting the strategic direction of the program
D. auditing for compliance
Correct answer: D
Question #6
Identification and prioritization of business risk enables project managers to:
A. establish implementation milestones
B. reduce the overall amount of slack time
C. address areas with most significance
D. accelerate completion of critical paths
Correct answer: B
Question #7
Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?
A. Periodic focus group meetings
B. Periodic compliance reviews
C. Computer-based certification training (CBT)
D. Employee's signed acknowledgement
Correct answer: B
Question #8
When contracting with an outsourcer to provide security administration, the MOST important contractual element is the:
A. right-to-terminate clause
B. limitations of liability
C. service level agreement (SLA)
D. financial penalties clause
Correct answer: C
Question #9
Information security should be:
A. focused on eliminating all risks
B. a balance between technical and business requirements
C. driven by regulatory requirements
D. defined by the board of directors
Correct answer: D
Question #10
Information security policy enforcement is the responsibility of the:
A. security steering committee
B. chief information officer (CIO)
C. chief information security officer (CISO)
D. chief compliance officer (CCO)
Correct answer: C
Question #11
Which of the following should be included in an annual information security budget that is submitted for management approval?
A. A cost-benefit analysis of budgeted resources
B. All of the resources that are recommended by the business
C. Total cost of ownership (TCO)
D. Baseline comparisons
Correct answer: B
Question #12
Which of the following is the MOST appropriate use of gap analysis?
A. Evaluating a business impact analysis (BIA)
B. Developing a balanced business scorecard
C. Demonstrating the relationship between controls
D. Measuring current state vs
Correct answer: C
Question #13
Which of the following is the MOST important to keep in mind when assessing the value of information?
A. The potential financial loss
B. The cost of recreating the information
C. The cost of insurance coverage
D. Regulatory requirement
Correct answer: A
Question #14
Which of the following is the BEST metric for evaluating the effectiveness of security awareness training? The number of:
A. password resets
B. reported incidents
C. incidents resolved
D. access rule violations
Correct answer: A
Question #15
Previously accepted risk should be:
A. re-assessed periodically, since the risk can escalate to an unacceptable level due to revised conditions
B. accepted permanently, since management has already spent resources (time and labor) to conclude that the risk level is acceptable
C. avoided next time, since risk avoidance provides the best protection to the company
D. removed from the risk log once it is accepted
Correct answer: D
Question #16
The BEST reason for an organization to have two discrete firewalls connected directly to the Internet and to the same DMZ would be to:
A. provide defense in depth
B. separate test and production
C. permit traffic load balancing
D. prevent a denial-of-service attack
Correct answer: C
Question #17
A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate objectives
D. Analysis of current technological exposures
Correct answer: C
Question #18
Which of the following steps should be performed FIRST in the risk assessment process?
A. Staff interviews
B. Threat identification
C.
D. Determination of the likelihood of identified risks
Correct answer: A
Question #19
Which of the following is the MOST important information to include in a strategic plan for information security?
A. Information security staffing requirements
B. Current state and desired future state
C. IT capital investment requirements
D. Information security mission statement
Correct answer: D
Question #20
Because of its importance to the business, an organization wants to quickly implement a technical solution which deviates from the company's policies. An information security manager should:
A. conduct a risk assessment and allow or disallow based on the outcome
B. recommend a risk assessment and implementation only if the residual risks are accepted
C. recommend against implementation because it violates the company's policies
D. recommend revision of current policy
Correct answer: B
Question #21
A risk management program should reduce risk to:
A. zero
B. an acceptable level
C. an acceptable percent of revenue
D. an acceptable probability of occurrence
Correct answer: D
Question #22
Obtaining senior management support for establishing a warm site can BEST be accomplished by:
A. establishing a periodic risk assessment
B. promoting regulatory requirements
C. developing a business case
D. developing effective metrics
Correct answer: A
Question #23
In assessing risk, it is MOST essential to:
A. provide equal coverage for all asset types
C. consider both monetary value and likelihood of loss
D. focus primarily on threats and recent business losses
Correct answer: D
Question #24
Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
A. Customer data stolen
B. An electrical power outage
C. A web site defaced by hackers
D. Loss of the software development team
Correct answer: B
Question #25
An outcome of effective security governance is:
A. business dependency assessment
B. strategic alignment
C. risk assessment
D. planning
Correct answer: B
Question #26
Who in an organization has the responsibility for classifying information?
A. Data custodian
B.
C. Information security officer
D. Data owner
Correct answer: D
Question #27
A successful information security management program should use which of the following to determine the amount of resources devoted to mitigating exposures?
A. Risk analysis results
B. Audit report findings
C. Penetration test results
D.
Correct answer: A
Question #28
Effective IT governance is BEST ensured by:
A. utilizing a bottom-up approach
B. management by the IT department
D. utilizing a top-down approach
Correct answer: A
Question #29
An organization is already certified to an international security standard. Which mechanism would BEST help to further align the organization with other data security regulatory requirements as per new business needs?
A. Key performance indicators (KPIs)
B. Business impact analysis (BIA)
C. Gap analysis
D. Technical vulnerability assessment
Correct answer: C
Question #30
Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
A. Include security responsibilities in the job description
B.
C. Train the system administrator on penetration testing and vulnerability assessment
D. Train the system administrator on risk assessment
Correct answer: D
Question #31
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D. Infrastructure management
Correct answer: A