Question #1
The effectiveness of virus detection software is MOST dependent on which of the following?
A. Packet filtering
B. Intrusion detection
C. Software upgrades
D. D
Correct answer: C
Question #2
A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
A. Prevent the system from being accessed remotely
B. Create a strong random password
C. Ask for a vendor patch
D. Track usage of the account by audit trails
Correct answer: D
Question #3
Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:
A. map the major threats to business objectives
B. review available sources of risk information
C. identify the value of the critical assets
D. determine the financial impact if threats materialize
Correct answer: A
Question #4
Which of the following steps should be performed FIRST in the risk assessment process?
A. Staff interviews
B.
C. Asset identification and valuation
D. Determination of the likelihood of identified risks
Correct answer: D
Question #5
Which of the following is responsible for legal and regulatory liability?
A. Chief security officer (CSO)
B. Chief legal counsel (CLC)
C. Board and senior management
D. Information security steering group
Correct answer: C
Question #6
Which of the following attacks is BEST mitigated by utilizing strong passwords?
A. Man-in-the-middle attack
B. Brute force attack
C. Remote buffer overflow
D. Root kit
Correct answer: B
Question #7
An information security manager is advised by contacts in law enforcement that there is evidence that his/her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:
A. perform a comprehensive assessment of the organization's exposure to the hacker's techniques
B. initiate awareness training to counter social engineering
C. immediately advise senior management of the elevated risk
D. increase monitoring activities to provide early detection of intrusion
Correct answer: C
Question #8
What is the BEST defense against a Structured Query Language (SQL) injection attack?
A. Regularly updated signature files
B. A properly configured firewall
C. An intrusion detection system
D. Strict controls on input fields
Correct answer: B
Question #9
Which of the following would BEST address the risk of data leakage?
A. File backup procedures
B. Database integrity checks
C. Acceptable use policies
D. Incident response procedures
Correct answer: A
Question #10
A successful risk management program should lead to:
A. optimization of risk reduction efforts against cost
B. containment of losses to an annual budgeted amount
C. identification and removal of all man-made threats
D. elimination or transference of all organizational risks
Correct answer: A
Question #11
Effective IT governance is BEST ensured by:
A. utilizing a bottom-up approach
B. management by the IT department
C. referring the matter to the organization's legal department
D. utilizing a top-down approach
Correct answer: D
Question #12
Which of the following is the BEST justification to convince management to invest in an information security program?
A. Cost reduction
B. Compliance with company policies
C. Protection of business assets
D. Increased business value
Correct answer: D
Question #13
The purpose of a corrective control is to:
A. reduce adverse events
B. indicate compromise
C. mitigate impact
D. ensure compliance
Correct answer: A
Question #14
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
A. Rewrite the application to conform to the upgraded operating system
B. Compensate for not installing the patch with mitigating controls
C. Alter the patch to allow the application to run in a privileged state
D. Run the application on a test platform; tune production to allow patch and application
Correct answer: A
Question #15
Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?
A. Screened subnets
B. Information classification policies and procedures
C. Role-based access controls
D. Intrusion detection system (IDS)
Correct answer: B
Question #16
In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget
B. conduct a risk assessment
C. develop an information security policy
D. obtain benchmarking information
Correct answer: B
Question #17
When implementing security controls, an information security manager must PRIMARILY focus on:
A. minimizing operational impacts
B. eliminating all vulnerabilities
C. usage by similar organizations
D. certification from a third party
Correct answer: C
Question #18
When a significant security breach occurs, what should be reported FIRST to senior management?
A. A summary of the security logs that illustrates the sequence of events
B. An explanation of the incident and corrective action taken
C. An analysis of the impact of similar attacks at other organizations
D. A business case for implementing stronger logical access controls
Correct answer: D
Question #19
Which of the following devices should be placed within a demilitarized zone (DMZ)?
A. Network switch
B. Web server
C. Database server
D. File/print server
Correct answer: C
Question #20
Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:
A. corporate internal auditor
B. system developers/analysts
C. key business process owners
D. corporate legal counsel
Correct answer: D
Question #21
An information security program should be sponsored by:
A. infrastructure management
B. the corporate audit department
C. key business process owners
D. information security management
Correct answer: A
Question #22
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A. Historical cost of the asset
B. Acceptable level of potential business impacts
C. Cost versus benefit of additional mitigating controls
D. Annualized loss expectancy (ALE)
Correct answer: B
Question #23
Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?
A. Strategic business plan
B. Upcoming financial results
C. Customer personal information
D. Previous financial results
Correct answer: B
Question #24
Which of the following authentication methods prevents authentication replay?
A. Password hash implementation
B. Challenge/response mechanism
C. Wired Equivalent Privacy (WEP) encryption usage
D. HTTP Basic Authentication
Correct answer: A
Question #25
Which of the following is MOST essential for a risk management program to be effective?
A. Flexible security budget
B. Sound risk baseline
C.
D. Accurate risk reporting
Correct answer: C
Question #26
Which of the following will BEST protect an organization from internal security attacks?
A. Static IP addressing
B. Internal address translation
C. Prospective employee background checks
D. Employee awareness certification program
Correct answer: C
Question #27
A border router should be placed on which of the following?
A. Web server
B. IDS server
C. Screened subnet
D. Domain boundary
Correct answer: A
Question #28
Who can BEST advocate the development of and ensure the success of an information security program?
A. Internal auditor
B. Chief operating officer (COO)
C. Steering committee
D. IT management
Correct answer: C
Question #29
A risk management approach to information protection is:
A. managing risks to an acceptable level, commensurate with goals and objectives
B. accepting the security posture provided by commercial security products
C. implementing a training program to educate individuals on information protection and risks
D. managing risk tools to ensure that they assess all information protection vulnerabilities
Correct answer: C
Question #30
An outcome of effective security governance is:
A. business dependency assessment
B.
C. risk assessment
D. planning
Correct answer: B
Question #31
When developing an information security program, what is the MOST useful source of information for determining available resources?
A. Proficiency test
B. Job descriptions
C. Organization chart
D. Skills inventory
Correct answer: D
Question #32
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
A. Senior management
B.
C. IT audit manager
D. Information security officer (ISO)
Correct answer: B
Question #33
When performing a risk assessment, the MOST important consideration is that:
A. management supports risk mitigation efforts
B. annual loss expectations (ALEs) have been calculated for critical assets
C. assets have been identified and appropriately valued
D. attack motives, means and opportunities be understood
Correct answer: B
Question #34
To ensure that payroll systems continue on in an event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?
A. Conducting a qualitative and quantitative risk analysis
B. Assigning value to the assets
C. Weighing the cost of implementing the plan vs
D. Conducting a business impact analysis (BIA)
Correct answer: A
Question #35
The BEST strategy for risk management is to:
A. achieve a balance between risk and organizational goals
B. reduce risk to an acceptable level
C. ensure that policy development properly considers organizational risks
D. ensure that all unmitigated risks are accepted by management
Correct answer: C
Question #36
In assessing risk, it is MOST essential to:
A. provide equal coverage for all asset types
B. use benchmarking data from similar organizations
C. consider both monetary value and likelihood of loss
D. focus primarily on threats and recent business losses
Correct answer: C
Question #37
Which of the following is MOST important to the success of an information security program?
A. Security awareness training
B. Achievable goals and objectives
C. Senior management sponsorship
D. Adequate start-up budget and staffing
Correct answer: A
Question #38
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. analyzed under the retention policy
B. protected under the information classification policy
D. protected under the business impact analysis (BIA)
Correct answer: A
Question #39
Which of the following is MOST effective in preventing security weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Configuration management
Correct answer: C
Question #40
Which of the following is the BEST method to provide a new user with their initial password for e-mail system access?
A. Interoffice a system-generated complex password with 30 days expiration
B. Give a dummy password over the telephone set for immediate expiration
C. Require no password but force the user to set their own in 10 days
D. Set initial password equal to the user ID with expiration in 30 days
Correct answer: D
Question #41
Who can BEST approve plans to implement an information security governance framework?
A. Internal auditor
B. Information security management
C. Steering committee
D.
Correct answer: B
Question #42
Which of the following tools is MOST appropriate for determining how long a security project will take to implement?
A. Gantt chart
B. Waterfall chart
C. Critical path
D.
Correct answer: C
