Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CISM Exam Dumps - Certified Information Security Manager

Searching for workable clues to ace the Isaca CISM Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISM PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 241

An organization requires that business-critical applications be recovered within 30 minutes in the event of a disaster. Which of the following metrics should be in the business continuity plan (BCP) to manage this requirement?

A.

Maximum tolerable downtime (MTD)

B.

Service level agreement (SLA)

C.

Recovery point objective (RPO)

D.

Recovery time objective (RTO)

Full Access
Question # 242

A technical vulnerability assessment on a personnel information management server should be performed when:

A.

the data owner leaves the organization unexpectedly.

B.

changes are made to the system configuration.

C.

the number of unauthorized access attempts increases.

D.

an unexpected server outage has occurred.

Full Access
Question # 243

Which of the following is the BEST way lo monitor for advanced persistent threats (APT) in an organization?

A.

Network with peers in the industry to share information.

B.

Browse the Internet to team of potential events

C.

Search for anomalies in the environment

D.

Search for threat signatures in the environment.

Full Access
Question # 244

Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?

A.

Revisit the business objective.

B.

Escalate to senior management.

C.

Perform a cost-benefit analysis.

D.

Recommend risk acceptance.

Full Access
Question # 245

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

A.

Frequent updates to the risk register

B.

Regularly scheduled security audits

C.

Frequent security architecture reviews

D.

Regularly scheduled risk assessments

Full Access
Question # 246

Which of the following is the BEST defense against a brute force attack?

A.

Time-of-day restrictions

B.

Mandatory access control

C.

Discretionary access control

D.

Multi-factor authentication (MFA)

Full Access
Question # 247

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

A.

Impact of service interruption

B.

Results of recovery testing

C.

Determination of recovery point objective (RPO)

D.

Direction from senior management

Full Access
Question # 248

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

A.

The application does not use a secure communications protocol

B.

The application is configured with restrictive access controls

C.

The business process has only one level of error checking

D.

Server-based malware protection is not enforced

Full Access
Go to page: