
Brilliant CISM Exam Dumps Get CISM Dumps PDF
CISM Dumps PDF - CISM Real Exam Questions Answers
The CISM exam cannot be taken by every IT professional because a potential candidate should have at least five years of experience in information security and three years of experience in at least three or more of the following sectors:
- Information security governance.
- Information security governance;
- Information security program development and management;
- Information security incident management;
Furthermore, the experience mentioned above should be gained not less than ten years before applying for the exam or within five years after passing it.
NEW QUESTION 670
An information security team has identified traffic from a device to a known malicious IP Which of the following should be the team's FIRST course of action to address this issue?
- A. Turn off the device
- B. Run anti-malware software on the device
- C. Disconnect the device from the network.
- D. Re-image the device
Answer: C
NEW QUESTION 671
The MOST important reason for conducting periodic risk assessments is because:
- A. it demonstrates to senior management that the security function can add value.
- B. security risks are subject to frequent change.
- C. risk assessments are not always precise.
- D. reviewers can optimize and reduce the cost of controls.
Answer: B
Explanation:
Section: INFORMATION RISK MANAGEMENT
Explanation:
Risks are constantly changing. A previously conducted risk assessment may not include measured risks that have been introduced since the last assessment. Although an assessment can never be perfect and invariably contains some errors, this is not the most important reason for periodic reassessment. The fact that controls can be made more efficient to reduce costs is not sufficient. Finally, risk assessments should not be performed merely to justify the existence of the security function.
NEW QUESTION 672
To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:
- A. have the most experienced personnel participate in recovery tests.
- B. periodically rotate recovery-test participants.
- C. include end-user personnel in each recovery test.
- D. assign personnel-specific duties in the recovery plan.
Answer: B
NEW QUESTION 673
Which of the following is MOST important for an information security manager to ensure is included in a business case for a new security system?
- A. Risk reduction associated with the system
- B. Audit-logging capabilities
- C. Benchmarking results
- D. Effectiveness of controls
Answer: A
NEW QUESTION 674
When developing an incident response plan, which of the following is the MOST effective way to ensure incidents common to the organization are handled properly?
- A. Conducting awareness training
- B. Creating and distributing a personnel call tree
- C. Adopting industry standard response procedures
- D. Rehearsing response scenarios
Answer: C
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
NEW QUESTION 675
An information security manager determines the organization's critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:
- A. survey peer organizations to see how they have addressed the issue.
- B. re-assess the firewall configuration.
- C. advise management of risk and remediation cost.
- D. analyze the probability of compromise.
Answer: D
NEW QUESTION 676
When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:
- A. access control matrix.
- B. authentication mechanism.
- C. data repository.
- D. encryption strength.
Answer: A
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
The access control matrix is the best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses. Encryption strength, authentication mechanism and data repository might be defined in the SLA but are not confidentiality compliance indicators.
NEW QUESTION 677
An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
- A. update information security policies,
- B. prepare for criminal prosecution.
- C. document lessons learned.
- D. evaluate the impact.
Answer: C
NEW QUESTION 678
Which of the following situations would be the MOST concern to a security manager?
- A. Audit logs are not enabled on a production server
- B. A Trojan was found to be installed on a system administrator's laptop
- C. The logon ID for a terminated systems analyst still exists on the system
- D. The help desk has received numerous results of users receiving phishing e-mails
Answer: B
Explanation:
Explanation/Reference:
Explanation:
The discovery of a Trojan installed on a system's administrator's laptop is highly significant since this may mean that privileged user accounts and passwords may have been compromised. The other choices, although important, do not pose as immediate or as critical a threat.
NEW QUESTION 679
During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
- A. Feasibility
- B. Testing
- C. Design
- D. Development
Answer: A
Explanation:
Explanation
Risk should be addressed as early in the development of a new application system as possible. In some cases, identified risks could be mitigated through design changes. If needed changes are not identified until design has already commenced, such changes become more expensive. For this reason, beginning risk assessment during the design, development or testing phases is not the best solution.
NEW QUESTION 680
Which of the following is the FIRST task when determining an organization's information security profile?
- A. Establish security standards.
- B. List administrative privileges.
- C. Complete a threat assessment
- D. Build an asset inventory.
Answer: D
NEW QUESTION 681
Which of the following is the MOST effective method of determining security priorities?
- A. Gap analysis
- B. Vulnerability assessment
- C. Impact analysis
- D. Threat assessment
Answer: C
NEW QUESTION 682
Previously accepted risk should be:
- A. accepted permanently since management has already spent resources (time and labor) to conclude that the risk level is acceptable.
- B. removed from the risk log once it is accepted.
- C. avoided next time since risk avoidance provides the best protection to the company.
- D. re-assessed periodically since the risk can be escalated to an unacceptable level due to revised conditions.
Answer: D
Explanation:
Acceptance of risk should be regularly reviewed to ensure that the rationale for the initial risk acceptance is still valid within the current business context. The rationale for initial risk acceptance may no longer be valid due to change(s) and. hence, risk cannot be accepted permanently. Risk is an inherent part of business and it is impractical and costly to eliminate all risk. Even risks that have been accepted should be monitored for changing conditions that could alter the original decision.
NEW QUESTION 683
Which of the following is the BEST course of action for the information security manager when residual risk is above the acceptable level of risk?
- A. Perform a cost-benefit analysis
- B. Recommend additional controls
- C. Defer to business management
- D. Carry out a risk assessment
Answer: B
Explanation:
Section: INFORMATION RISK MANAGEMENT
NEW QUESTION 684
Several identified risks have been mitigated to an acceptable level with appropriate controls Which of the following activities would BEST help to maintain acceptable risk levels?
- A. Periodic cost-benefit analyses of the implemented controls
- B. Frequent assessments of risks action plans
- C. Periodic reviews of changes to the environment
- D. Frequent assessments of inherent risks
Answer: C
NEW QUESTION 685
Which of the following would be the BEST way for a company to reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?
- A. Require employees to install a reputable mobile anti-virus solution on their personal devices.
- B. Require employees to undergo training before permitting access to the corporate email service.
- C. Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.
- D. Use a mobile device management (MDM) solution to isolate the local corporate email storage.
Answer: D
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
NEW QUESTION 686
What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?
- A. Determine information types.
- B. Obtain information on departmental goals.
- C. Classify information assets.
- D. Identify data and system ownership.
Answer: B
NEW QUESTION 687
Logging is an example of which type of defense against systems compromise?
- A. Reaction
- B. Detection
- C. Recovery
- D. Containment
Answer: B
Explanation:
Section: INFORMATION SECURITY GOVERNANCE
Explanation:
Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion.
Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.
NEW QUESTION 688
What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?
- A. Determine information types
- B. Identify data and system ownership
- C. Obtain information on departmental goals
- D. Classify information assets
Answer: C
Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
NEW QUESTION 689
......
ISACA Certified Information Security Manager CISM Exam
ISACA Certified Information Security Manager CISM Exam is related to Certified Information Security Manager CISM certification. This CISM Exam validates the ability to maintain and establish an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. Candidate must have the ability to manage information risk appropriately and program resources are managed responsibly. It also deals with the ability to ensure that organizational goals and objectives are supported by the information security program communicate managements directives and guide the development of standards, procedures, and guidelines and develop business cases to support investments in information security. Security Managers Industry Leaders and Industry Practitioners usually hold or pursue this certification and you can expect the same job roles after completion of this certification.
Besides that, this section will test your skills in the following:
- To ensure whether the information security program adds value and protects the business, one should know how to align the information security program with the operational objectives of other functions of the business;
- To evaluate the effectiveness and efficiency of information security management, one should know how to monitor and analyze program management and operational metrics;
- Maintaining and establishing the information security program in line with the information security strategy;
- Establishing a program for information security awareness and training for the effectiveness of security statistics.
Valid CISM Test Answers & ISACA CISM Exam PDF: https://www.vceengine.com/CISM-vce-test-engine.html
Realistic CISM Exam Dumps with Accurate & Updated Questions: https://drive.google.com/open?id=11bi6LoBMc8D-eYYCjntevyoLg9LkqiFO
