CISM Exam Dumps - Certified Information Security Manager

Question # 4

Which of the following is the BEST way for an organization to determine the maturity level of its information security program?

A. Validate the effectiveness of implemented security controls.
B. Track the trending of information security incidents.
C. Review the results of information security awareness testing.
D. Benchmark the information security policy against industry standards.

Question # 5

Executive leadership becomes involved in decisions about information security governance.

Executive leadership views information security governance primarily as a concern of the information security management team.

What should be an information security manager's MOST important consideration when reviewing a proposed upgrade to a business unit's production database?

A. Ensuring residual risk is within appetite
B. Ensuring the application inventory is updated
C. Ensuring a cost-benefit analysis is completed
D. Ensuring senior management is aware of associated risk

Question # 6

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

A. Enforce passwords and data encryption on the devices.
B. Review and update existing security policies.
C. Require remote wipe capabilities for devices.
D. Conduct security awareness training.

Question # 7

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

A. To estimate the recovery time objective (RTO)
B. To provide metrics to senior management
C. To assess service level agreements (SLAs)
D. To evaluate how personnel react to the situation

Question # 8

Management has expressed concerns to the information security manager that shadow IT may be a risk to the organization. What is the FIRST step the information security manager should take?

A. Block the end user's ability to use shadow IT.
B. Determine the extent of shadow IT usage.
C. Determine the value of shadow IT projects.
D. Update the security policy to address shadow IT.

Question # 9

The MOST effective way to continuously monitor an organization's cybersecurity posture is to evaluate its:

A. timeliness in responding to attacks.
B. level of support from senior management.
C. compliance with industry regulations.
D. key performance indicators (KPIs).

Question # 10

Which of the following should an information security manager do FIRST to address complaints that a newly implemented security control has slowed business operations?

A. Discuss the issue with senior management for direction.
B. Validate whether the control is operating as intended.
C. Remove the control and identify alternatives.
D. Conduct user awareness training.

Question # 11

An information security manager wants to improve the ability to identify changes in risk levels affecting the organization's systems. Which of the following is the BEST method to achieve this objective?

A. Performing business impact analyses (BIAs)
B. Updating the risk register
C. Monitoring key risk indicators (KRIs)
D. Monitoring key goal indicators (KGIs)

Question # 12

The MOST important objective of security awareness training for business staff is to:

A. increase compliance.
B. understand intrusion methods.
C. modify behavior.
D. reduce negative audit findings.

Question # 13

Which of the following should be determined FIRST when preparing a risk communication plan?

A. Reporting content
B. Communication channel
C. Reporting frequency
D. Target audience

Question # 14

Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?

A. Disaster recovery drills
B. Penetration tests
C. Tabletop exercises
D. Forensics certification

Question # 15

Which of the following should be an information security manager's MOST important consideration when determining if an information asset has been classified appropriately?

A. Security policy requirements
B. Level of protection
C. Value to the business
D. Ownership of information

Question # 16

Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?

A. The ability to reduce risk in the supply chain
B. The ability to define service level agreements (SLAs)
C. The ability to meet industry compliance requirements
D. The ability to improve vendor performance

Question # 17

What is the PRIMARY objective of implementing standard security configurations?

A. Maintain a flexible approach to mitigate potential risk to unsupported systems.
B. Compare configurations between supported and unsupported systems.
C. Minimize the operational burden of managing and monitoring unsupported systems.
D. Control vulnerabilities and reduce threats from changed configurations.

Question # 18

An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?

A. The CIO is not taking charge of the committee.
B. There is a conflict of interest between the business and IT.
C. The committee lacks sufficient business representation.
D. The committee consists of too many senior executives.

Question # 19

Which of the following provides the MOST relevant information to determine the overall effectiveness of an information security program and underlying business processes?

A. SWOT analysis
B. Balanced scorecard
C. Cost-benefit analysis
D. Industry benchmarks

Question # 20

For an organization that is experiencing outages due to malicious code, which of the following is the BEST index of the effectiveness of countermeasures?

A. Amount of infection-related downtime
B. Number of virus infections detected
C. Average recovery time per incident
D. Number of downtime-related help desk calls

Question # 21

An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security manager's FIRST step?

A. Wipe the affected system.
B. Isolate the impacted endpoints.
C. Notify senior management.
D. Notify internal legal counsel.

Question # 22

Which of the following is MOST relevant for an information security manager to communicate to the board of directors?

A. Vulnerability assessments
B. The level of exposure
C. The level of inherent risk
D. Threat assessments

Question # 23

The PRIMARY goal of the eradication phase in an incident response process is to:

A. provide effective triage and containment of the incident.
B. remove the threat and restore affected systems.
C. maintain a strict chain of custody.
D. obtain forensic evidence from the affected system.

Question # 24

When determining an acceptable risk level, which of the following is the MOST important consideration?

A. System criticalities
B. Threat profiles
C. Vulnerability scores
D. Risk matrices

Question # 25

Which of the following is MOST important to ensure when an organization is moving portions of its sensitive database to the cloud?

A. Input from data owners is included in the requirements definition.
B. A right to audit clause is included in the contract.
C. The conversion has been approved by the information security team.
D. Data encryption is used in the cloud hosting solution.

Question # 26

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

A. normal network behavior and using it as a baseline for measuring abnormal activity.
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
C. abnormal network behavior and using it as a baseline for measuring normal activity.
D. attack pattern signatures from historical data.

Question # 27

Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?

A. The incident response team
B. Affected customers
C. Senior management
D. Cloud service provider

Question # 28

Which of the following would be MOST effective in changing the security culture and behavior of staff?

A. Auditing compliance with the information security policy
B. Promoting the information security mission within the enterprise
C. Enforcing strict technical information security controls
D. Developing procedures to enforce the information security policy

Question # 29

Which of the following would BEST help to ensure an organization's security program is aligned with business objectives?

A. Business leaders receive annual information security awareness training.
B. Security policies are reviewed and approved by the chief information officer (CIO).
C. The security strategy is reviewed and approved by the organization's steering committee.
D. The organization's board of directors includes a dedicated information security advisor.

Question # 30

Which of the following provides the MOST comprehensive information related to an organization's current risk profile?

A. Gap analysis results
B. Risk assessment results
C. Risk register
D. Heat map

Question # 31

Which of the following is MOST likely to be included in an enterprise security policy?

A. Retention schedules
B. Organizational risk
C. System access specifications
D. Definitions of responsibilities

Question # 32

Which of the following is the MOST effective way to prevent information security incidents?

A. Implementing a security awareness training program for employees
B. Deploying a consistent incident response approach
C. Implementing a security information and event management (SIEM) tool
D. Deploying intrusion detection tools in the network environment

Question # 33

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

A. A simulated denial of service (DoS) attack against the firewall
B. A validation of the current firewall rule set
C. A port scan of the firewall from an internal source
D. A ping test from an external source

Question # 34

An organization is concerned with the potential for exploitation of vulnerabilities in its server systems. Which of the following is the BEST control to mitigate the associated risk?

A. Enforcing configurations for secure logging and audit trails on server systems
B. Enforcing standard system configurations based on secure configuration benchmarks
C. Implementing network and system-based anomaly monitoring software for server systems
D. Implementing host-based intrusion detection systems (IDS) on server systems

Question # 35

Which of the following is an information security manager's BEST course of action to gain approval for investment in a technical control?

A. Calculate the exposure factor.
B. Perform a cost-benefit analysis.
C. Conduct a business impact analysis (BIA).
D. Conduct a risk assessment.

Question # 36

After the occurrence of a major information security corrective actions?

A. Calculating cost of the incident
B. Performing an impact analysis
C. Conducting a postmortem assessment
D. Preserving the evidence

Question # 37

An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?

A. Activate the incident response program.
B. Validate the risk to the organization.
C. Perform a business impact analysis (BIA).
D. Notify local law enforcement agencies of a breach.

Question # 38

Which of the following should be the PRIMARY goal of an information security manager when designing information security policies?

A. Improving the protection of information
B. Achieving organizational objectives
C. Minimizing the cost of security controls
D. Reducing organizational security risk

Question # 39

An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the system?

A. Remove all signs of the intrusion from the OS and application.
B. Restore the OS, patches, and application from a backup.
C. Restore the application and data from a forensic copy.
D. Install the OS, patches, and application from the original source.

Question # 40

Internal audit has reported a number of information security issues that are not in compliance with regulatory requirements. What should the information security manager do FIRST?

A. Perform a gap analysis to determine needed resources.
B. Perform a vulnerability assessment.
C. Assess the risk to business operations.
D. Create a security exception.

Question # 41

A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:

A. increasing budget and staffing levels for the incident response team.
B. testing the business continuity plan (BCP).
C. implementing an intrusion detection system (IDS).
D. revalidating and mitigating risks to an acceptable level.

Question # 42

Which of the following is the MOST effective approach to ensure IT processes are performed in compliance with the information security policies?

A. Providing information security policy training to the process owners
B. Identifying risks in the processes and managing those risks
C. Ensuring that key controls are embedded in the processes
D. Allocating sufficient resources

Question # 43

After an information security incident has been detected and its priority established, which of the following should be the NEXT course of action?

A. Gathering evidence
B. Performing a risk assessment
C. Eradicating the incident
D. Containing the incident

Question # 44

Which of the following should be the MOST important consideration of business continuity management?

A. Ensuring human safety
B. Identifying critical business processes
C. Ensuring the reliability of backup data
D. Securing critical information assets

Question # 45

Company A, a cloud service provider, is in the process of acquiring Company B to gain new benefits by incorporating their technologies within its cloud services. Which of the following should be the PRIMARY focus of Company A's information security manager?

A. The cost to align to Company A's security policies
B. The organizational structure of Company B
C. Company A's security architecture
D. Company B's security policies

Question # 46

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

A. Communicate security policy with the third-party vendor.
B. Ensure security is involved in the procurement process.
C. Conduct an information security audit on the third-party vendor.
D. Review the third-party contract with the organization's legal department.

Question # 47

Which of the following would be the MOST effective countermeasure against malicious programming that rounds down transaction amounts and transfers them to the perpetrator's account?

A. Apply the latest patch programs to the production operating systems.
B. Implement controls for continuous monitoring of middleware transactions.
C. Set up an agent to run a virus-scanning program across platforms.
D. Ensure that proper controls exist for code review and release management.

Question # 48

An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?

A. Deploying a security information and event management system (SIEM)
B. Conducting regular system administrator awareness training
C. Deploying an intrusion prevention system (IPS)
D. Implementing a data loss prevention (DLP) suite

Question # 49

An organization wants to integrate information security into its human resource management processes. Which of the following should be the FIRST step?

A. Evaluate the cost of information security integration.
B. Assess the business objectives of the processes.
C. Identify information security risk associated with the processes.
D. Benchmark the processes with best practice to identify gaps.

Question # 50

A recent audit found that an organization's new user accounts are not set up uniformly. Which of the following is MOST important for the information security manager to review?

A. Guidelines
B. Automated controls
C. Standards
D. Security policies

Question # 51

Which of the following is MOST important to include when reporting information security risk to executive leadership?

A. Key performance objectives and budget trends
B. Security awareness training participation and residual risk exposures
C. Risk analysis results and key risk indicators (KRIs)
D. Information security risk management plans and control compliance

Question # 52

Which of the following is the PRIMARY responsibility of an information security steering committee composed of management representation from business units?

A. Perform business impact analyses (BIAs).
B. Monitor the treatment of information security risk.
C. Oversee the execution of the information security strategy.
D. Manage the implementation of the information security plan.

Question # 53

Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?

A. Benchmarking against industry peers
B. Prioritization of action plans
C. Validation of current capabilities
D. Identification of threats and vulnerabilities

Question # 54

Threat and vulnerability assessments are important PRIMARILY because they are:

A. the basis for setting control objectives.
B. used to establish security investments.
C. needed to estimate risk.
D. elements of the organization's security posture.

Question # 55

A measure of the effectiveness of the incident response capabilities of an organization is the:

A. reduction of the annual loss expectancy (ALE).
B. time to closure of incidents.
C. number of employees receiving incident response training.
D. number of incidents detected.

Question # 56

What is the BEST reason to keep information security policies separate from procedures?

A. To keep policy documents from becoming too large
B. To keep policies from having to be changed too frequently
C. To ensure that individual documents do not contain conflicting information
D. To ensure policies receive the appropriate approvals

Question # 57

An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?

A. Increase the frequency of log monitoring and analysis.
B. Increase the sensitivity of intrusion detection systems.
C. Implement multi-factor authentication.
D. Implement a security information and event management (SIEM) system.

Question # 58

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

A. relates the investment to the organization's strategic plan.
B. articulates management's intent and information security directives in clear language.
C. translates information security policies and standards into business requirements.
D. realigns information security objectives to organizational strategy.