
Question #1
Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?
A. Business impact analysis (BIA)
B. Penetration testing
C. Audit and review
D. Threat analysis
Correct answer: D
Question #2
Senior management commitment and support for information security can BEST be enhanced through:
A. a formal security policy sponsored by the chief executive officer (CEO)
B. regular security awareness training for employees
C. periodic review of alignment with business management goals
D. senior management sign-off on the information security strategy
Correct answer: C (ongoing evidence that security supports business goals is what sustains executive support; a one-time sign-off does not)
Question #3
Phishing is BEST mitigated by which of the following?
A. Security monitoring software
B. Encryption
C. Two-factor authentication
D. User awareness
Correct answer: D
Question #4
Who would be in the BEST position to determine the recovery point objective (RPO) for business applications?
A. Business continuity coordinator
B. [option text missing from source]
C. Information security manager
D. Internal audit
Correct answer: C
Question #5
The PRIMARY reason for initiating a policy exception process is when:
A. operations are too busy to comply
B. the risk is justified by the benefit
C. policy compliance would be difficult to enforce
D. users may initially be inconvenienced
Correct answer: B
Question #6
Which of the following is the PRIMARY reason for implementing a risk management program?
A. Allows the organization to eliminate risk
B. Is a necessary part of management's due diligence
C. Satisfies audit and regulatory requirements
D. Assists in incrementing the return on investment (ROI)
Correct answer: B (risk cannot be eliminated, and audit or ROI benefits are by-products; managing risk is part of management's duty of care)
Question #7
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
A. a lack of proper input validation controls
B. weak authentication controls in the web application layer
C. flawed cryptographic secure sockets layer (SSL) implementations and short key lengths
D. implicit web application trust relationships
Correct answer: A (XSS is untrusted input reaching the HTML output unvalidated and unencoded; it has nothing to do with TLS or key length)
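Question #7 is the one technical point on this page, so an added example follows; it is not part of the exam page or of any ISACA material. It shows a reflected search-results fragment rendered unsafely beside a hardened version that allow-list validates the term and HTML-encodes it before interpolation. The function names, the regular expression and the sample payload are the example's own assumptions.

```javascript
// Added example, not from the exam page: reflected XSS from a search
// parameter, vulnerable rendering beside a validated + encoded rendering.

// Constructed attacker payload, as it might arrive in ?q=...
const ATTACK_PAYLOAD = '<script>alert(document.cookie)</script>';

// Vulnerable: the raw parameter is interpolated straight into HTML,
// so any markup in it becomes part of the page.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>`;
}

// Output encoding for the HTML text/attribute context: every character
// that can open or close markup is replaced by its entity.
function htmlEncode(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;'
  };
  return String(s).replace(/[&<>"'\/]/g, ch => map[ch]);
}

// Input validation: allow-list the character set and bound the length.
// Returns the cleaned term, or null when the input is rejected.
function validateSearchTerm(q) {
  if (typeof q !== 'string') return null;
  const term = q.trim();
  if (term.length === 0 || term.length > 100) return null;
  // Letters, digits, space and a few punctuation marks; no < > or =
  if (!/^[\p{L}\p{N} _.'&-]+$/u.test(term)) return null;
  return term;
}

// Hardened: validation rejects markup outright; encoding still protects
// legitimate input such as "O'Reilly & Sons" that passes the allow-list.
function renderSearchHardened(q) {
  const term = validateSearchTerm(q);
  if (term === null) return '<p>Invalid search term.</p>';
  return `<p>Results for: ${htmlEncode(term)}</p>`;
}

// Stand-alone demonstration
console.log(renderSearchVulnerable(ATTACK_PAYLOAD)); // script tag survives
console.log(renderSearchHardened(ATTACK_PAYLOAD));   // rejected
console.log(renderSearchHardened("O'Reilly & Sons")); // encoded, still readable
```

The two layers are deliberate: validation narrows what is accepted, encoding guarantees that whatever is accepted cannot change the structure of the output. Either alone leaves gaps (an allow-list that must admit `'` or `&` for legitimate names, or an encoder applied in the wrong context).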
Question #8
What is the MOST important factor in the successful implementation of an enterprise-wide information security program?
A. Realistic budget estimates
B. Security awareness
C. Support of senior management
D. [option text missing from source]
Correct answer: C (without executive sponsorship neither budget nor awareness efforts are sustained)
Question #9
An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
A. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions
B. establish baseline standards for all locations and add supplemental standards as required
C. bring all locations into conformity with a generally accepted set of industry best practices
D. establish a baseline standard incorporating those requirements that all jurisdictions have in common
Correct answer: B
Question #10
What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
A. Risk assessment report
B. Technical evaluation report
C. Business case
D. Budgetary requirements
Correct answer: C (the business case brings the risk, technical and budget inputs together in the terms management decides on)
Question #11
When a significant security breach occurs, what should be reported FIRST to senior management?
A. A summary of the security logs that illustrates the sequence of events
B. [option text missing from source]
C. An analysis of the impact of similar attacks at other organizations
D. A business case for implementing stronger logical access controls
Correct answer: C
Question #12
Information security projects should be prioritized on the basis of:
A. time required for implementation
B. impact on the organization
C. total cost for implementation
D. mix of resources required
Correct answer: B (time, cost and resources are constraints; the value to the organization is what ranks projects)
Question #13
The MOST important reason for conducting periodic risk assessments is because:
A. risk assessments are not always precise
B. security risks are subject to frequent change
C. reviewers can optimize and reduce the cost of controls
D. [option text missing from source]
Correct answer: B (threats, vulnerabilities and the business itself change, so an assessment goes stale)
Question #14
What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
A. Functional requirements are not adequately considered
B. User training programs may be inadequate
C. Budgets allocated to business units are not appropriate
D. Information security plans are not aligned with business requirements
Correct answer: D (the committee exists to keep security aligned with the business; without business representation that alignment is lost)
Question #15
Which of the following is MOST essential for a risk management program to be effective?
A. Flexible security budget
B. Sound risk baseline
C. New risks detection
D. [option text missing from source]
Correct answer: C (a program that cannot see new risk as it emerges manages only yesterday's risk)
Question #16
What does a network vulnerability assessment intend to identify?
A. 0-day vulnerabilities
B. Malicious software and spyware
C. Security design flaws
D. [option text missing from source]
Correct answer: C
Question #17
After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?
A. Senior management
B. Business manager
C. [option text missing from source]
D. Information security officer (ISO)
Correct answer: B (the business manager owns the risk and the process, so decides how much of it to treat; the ISO advises)
Question #18
Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
A. assessing the frequency of incidents
B. quantifying the cost of control failures
C. calculating return on investment (ROI) projections
D. comparing spending against similar organizations
Correct answer: C (ROI combines the cost of failures and of the product into the figure a business case is built on)
Question #19
The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
A. return on investment (ROI)
B. a vulnerability assessment
C. annual loss expectancy (ALE)
D. a business case
Correct answer: D (ROI and ALE are inputs to a business case, not a justification on their own)
Question #20
A risk assessment should be conducted:
A. once a year for each business process and subprocess
B. every three to six months for critical business processes
C. by external parties to maintain objectivity
D. annually or whenever there is a significant change
Correct answer: D
Question #21
Information security governance is PRIMARILY driven by:
A. technology constraints
B. regulatory requirements
C. litigation potential
D. business strategy
Correct answer: D
Question #22
While implementing information security governance an organization should FIRST:
A. adopt security standards
B. determine security baselines
C. define the security strategy
D. establish security policies
Correct answer: C (policies, standards and baselines all derive from the strategy)
Question #23
Which of the following roles would represent a conflict of interest for an information security manager?
A. Evaluation of third parties requesting connectivity
B. [option text missing from source]
C. Final approval of information security policies
D. Monitoring adherence to physical security controls
Correct answer: C (the manager who writes the policies should not also be the one who gives them final approval)
Question #24
Which of the following is the MOST important element of an information security strategy?
A. Defined objectives
B. Time frames for delivery
C. Adoption of a control framework
D. Complete policies
Correct answer: A (a strategy is a plan to reach objectives; frameworks, policies and schedules follow from them)
Question #25
The MOST useful way to describe the objectives in the information security strategy is through:
A. attributes and characteristics of the 'desired state'
B. overall control objectives of the security program
C. mapping the IT systems to key business processes
D. calculation of annual loss expectations
Correct answer: A (the strategy describes where the program should end up; control objectives and system mappings are means to get there)
Question #26
The FIRST step to create an internal culture that focuses on information security is to:
A. implement stronger controls
B. conduct periodic awareness training
C. actively monitor operations
D. gain the endorsement of executive management
Correct answer: D (culture follows visible leadership; training and controls without it are not taken seriously)
Question #27
In implementing information security governance, the information security manager is PRIMARILY responsible for:
A. developing the security strategy
B. reviewing the security strategy
C. communicating the security strategy
D. approving the security strategy
Correct answer: A (review and approval sit with the steering committee and senior management)
Question #28
The PRIMARY reason for assigning classes of sensitivity and criticality to information resources is to provide a basis for:
A. determining the scope for inclusion in an information security program
B. defining the level of access controls
C. justifying costs for information resources
D. determining the overall budget of an information security program
Correct answer: B
Question #29
The PRIMARY goal of a corporate risk management program is to ensure that an organization's:
A. IT assets in key business functions are protected
B. [option text missing from source]
C. stated objectives are achievable
D. IT facilities and systems are always available
Correct answer: B
Question #30
An organization has to comply with recently published industry regulatory requirements, and the compliance potentially has high implementation costs. What should the information security manager do FIRST?
A. Implement a security committee
B. Perform a gap analysis
C. Implement compensating controls
D. [option text missing from source]
Correct answer: B
Question #31
The criticality and sensitivity of information assets is determined on the basis of:
A. threat assessment
B. vulnerability assessment
C. resource dependency assessment
D. impact assessment
Correct answer: D (criticality is about what the business loses if the asset is compromised or unavailable, which is what an impact assessment measures)
Question #32
Which of the following is the MOST usable deliverable of an information security risk analysis?
A. Business impact analysis (BIA) report
B. List of action items to mitigate risk
C. Assignment of risks to process owners
D. Quantification of organizational risk
Correct answer: B (the output management can act on directly)
Question #33
Which of the following would be MOST effective in successfully implementing restrictive password policies?
A. Regular password audits
B. Single sign-on system
C. Security awareness program
D. Penalties for noncompliance
Correct answer: C
Question #34
During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
A. Feasibility
B. Design
C. Development
D. Testing
Correct answer: A
Question #35
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices
B. business requirements
C. legislative and regulatory requirements
D. storage availability
Correct answer: B
Question #36
Which of the following is the BEST justification to convince management to invest in an information security program?
A. Cost reduction
B. [option text missing from source]
C. Protection of business assets
D. Increased business value
Correct answer: C (security spending is justified by what it protects; cost reduction and added value are rarely demonstrable)
Question #37
The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
A. head of internal audit
B. chief operations officer (COO)
C. chief technology officer (CTO)
D. legal counsel
Correct answer: B
Question #38
Who is ultimately responsible for the organization's information?
A. Data custodian
B. Chief information security officer (CISO)
C. Board of directors
D. Chief information officer (CIO)
Correct answer: C (custodians, the CISO and the CIO act on delegated responsibility; ultimate accountability rests with the board)
Question #39
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
A. aligned with the IT strategic plan
B. [option text missing from source]
C. three-to-five years for both hardware and software
D. aligned with the business strategy
Correct answer: D (the security strategy serves the business strategy, not the IT plan or a fixed hardware cycle)
Question #40
In a business impact analysis, the value of an information system should be based on the overall cost:
A. of recovery
B. to recreate
C. if unavailable
D. of emergency operations
Correct answer: C (the cost of the outage to the business, not the cost of rebuilding the system, is what a BIA measures)
Question #41
When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
A. Create separate policies to address each regulation
B. Develop policies that meet all mandated requirements
C. Incorporate policy statements provided by regulators
D. Develop a compliance risk assessment
Correct answer: B (one policy set that satisfies every mandate avoids the contradictions of per-regulation policies or verbatim regulator text)
Question #42
To achieve effective strategic alignment of security initiatives, it is important that:
A. steering committee leadership be selected by rotation
B. inputs be obtained and consensus achieved between the major organizational units
C. [option text missing from source]
D. procedures and standards be approved by all departmental heads
Correct answer: B
Question #43
Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
A. Knowledge of information technology platforms, networks and development methodologies
B. Ability to understand and map organizational needs to security technologies
C. Knowledge of the regulatory environment and project management techniques
D. Ability to manage a diverse group of individuals and resources across an organization
Correct answer: B (the CISO's core task is translating business needs into security; the other skills support that)
Question #44
The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:
A. periodically testing the incident response plans
B. regularly testing the intrusion detection system (IDS)
C. establishing mandatory training of all personnel
D. periodically reviewing incident response procedures
Correct answer: A (exercising the plan is what makes the escalation path habitual for the people who must follow it; a document review or generic training does not)
Question #45
An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees flood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
A. conflicting security controls with organizational needs
B. strong protection of information resources
C. [option text missing from source]
D. proving information security's protective abilities
Correct answer: A
Question #46
Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
A. Ensure that all IT risks are identified
B. Evaluate the impact of information security risks
C. Demonstrate that IT mitigating controls are in place
D. Suggest new IT controls to mitigate operational risk
Correct answer: B (the security manager contributes the security-risk view to a team owned by the business; identifying or controlling all IT risk is outside that role)
Question #47
Who should drive the risk analysis for an organization?
A. Senior management
B. Security manager
C. Quality manager
D. [option text missing from source]
Correct answer: A (senior management owns enterprise risk; the security manager facilitates the analysis rather than driving it)
