CISM Questions and Answers PDF
This document contains a collection of information security questions and answers.
NO.55 Which of the following is BEST used to determine the maturity of an information security program?
A. Security budget allocation
B. Organizational risk appetite
C. Risk assessment results
D. Security metrics
Answer: D

NO.56 In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:
A. current international standard was used to assess security processes.
B. certification will remain current through the life of the contract.
C. certification scope is relevant to the service being offered.
D. certification can be extended to cover the client's business.
Answer: C

NO.57 Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?
A. Intrusion detection
B. Log monitoring
C. Patch management
D. Antivirus software
Answer: C

NO.58 Which of the following BEST supports information security management in the event of organizational changes in security personnel?
A. Formalizing a security strategy and program
B. Developing an awareness program for staff
C. Ensuring current documentation of security processes
D. Establishing processes within the security operations team
Answer: C

NO.59 Which of the following is MOST important to include in a post-incident review following a data breach?
A. An evaluation of the effectiveness of the information security strategy
B. Evaluations of the adequacy of existing controls
C. Documentation of regulatory reporting requirements
D. A review of the forensics chain of custody
Answer: B

NO.60 When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
A. External consultant
B. Information owners
C. Information security manager
D. Business continuity coordinator
Answer: D

NO.61 An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
A. Initiate incident response.
B. Disable remote
C. Initiate a device reset.
D. Conduct a risk assessment.
Answer: A

NO.62 Which of the following would BEST ensure that security is integrated during application development?
A. Employing global security standards during development processes
B. Providing training on secure development practices to programmers
C. Performing application security testing during acceptance testing
D. Introducing security requirements during the initiation phase
Answer: B

NO.63 An organization's disaster recovery plan (DRP) is documented and kept at a disaster recovery site. Which of the following is the BEST way to ensure the plan can be carried out in an emergency?
A. Store disaster recovery documentation in a public cloud.
B. Maintain an outsourced contact center in another country.
C. Require disaster recovery documentation be stored with all key decision makers.
D. Provide annual disaster recovery training to appropriate staff.
Answer: C

NO.64 Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
A. Communicate disciplinary processes for policy violations.
B. Require staff to participate in information security awareness training.
C. Require staff to sign confidentiality agreements.
D. Include information security responsibilities in job descriptions.
Answer: B

NO.65 An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?
A. Focus the review on the infrastructure with the highest risk
B. Review controls listed in the vendor contract
C. Determine whether the vendor follows the selected security framework rules
D. Review the vendor's security policy
Answer: B

NO.66 Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
A. Developing an information security policy based on risk assessments
B. Establishing an information security steering committee
C. Documenting the information security governance framework
D. Implementing an information security awareness program
Answer: B

NO.67 When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
A. Data is encrypted in transit and at rest at the vendor site.
B. Data is subject to regular access log review.
C. The vendor must be able to amend data.
D. The vendor must agree to the organization's information security policy.
Answer: D

NO.68 Which of the following should be the PRIMARY basis for determining the value of assets?
A. Cost of replacing the assets
B. Business cost when assets are not available
C. Original cost of the assets minus depreciation
D. Total cost of ownership (TCO)
Answer: B

NO.69 Which of the following is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?
A. Provide employee training on secure mobile device practices.
B. Implement a mobile device management (MDM) solution.
C. Require employees to install an effective anti-malware app.
D. Implement a mobile device policy and standard.
Answer: B

NO.70 An organization has purchased an Internet sales company to extend the sales department. The information security manager's FIRST step to ensure the security policy framework encompasses the new business model is to:
A. perform a gap analysis.
B. implement both companies' policies separately.
C. merge both companies' policies.
D. perform a vulnerability assessment.
Answer: A

NO.71 Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?
A. Legal and regulatory requirements
B. Likelihood of a disaster
C. Organizational tolerance to service interruption
D. Geographical location of the backup site
Answer: C

NO.72 Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
A. Adopt the cloud provider's incident response procedures.
B. Transfer responsibility for incident response to the cloud provider.
C. Continue using the existing incident response procedures.
D. Revise incident response procedures to encompass the cloud environment.
Answer: D

NO.73 Which of the following should be the PRIMARY basis for a severity hierarchy for information security incident classification?
A. Availability of resources
B. Root cause analysis results
C. Adverse effects on the business
D. Legal and regulatory requirements
Answer: C

NO.74 Spoofing should be prevented because it may be used to:
A. gain illegal entry to a secure system by faking the sender's address.
B. predict which way a program will branch when an option is presented.
C. assemble information, track traffic, and identify network vulnerabilities.
D. capture information such as passwords traveling through the network.
Answer: A

NO.75 Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?
A. Walk-through of the incident response plan
B. Black box penetration test
C. Simulated phishing exercise
D. Red team exercise
Answer: D

NO.76 Which of the following BEST facilitates the effective execution of an incident response plan?
A. The plan is based on risk assessment results.
B. The response team is trained on the plan.
C. The plan is based on industry best practice.
D. The incident response plan aligns with the IT disaster recovery plan (DRP).
Answer: B

NO.77 A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
A. The time and location that the breach occurred
B. Evidence of previous incidents caused by the user
C. The underlying reason for the user error
D. Appropriate disciplinary procedures for user error
Answer: C

NO.78 Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
A. Determine recovery priorities.
B. Define the recovery point objective (RPO).
C. Confirm control effectiveness.
D. Analyze vulnerabilities.
Answer: A

NO.79 Which of the following is MOST important to include in an information security status report to management?
A. List of recent security events
B. Key risk indicators (KRIs)
C. Review of information security policies
D. Information security budget requests
Answer: B

NO.80 Which of the following is MOST important to have in place for an organization's information security program to be effective?
A. Documented information security processes
B. A comprehensive IT strategy
C. Senior management support
D. Defined and allocated budget
Answer: C

NO.81 Which of the following metrics is MOST appropriate for evaluating the incident notification process?
A. Average total cost of downtime per reported incident
B. Elapsed time between response and resolution
C. Average number of incidents per reporting period
D. Elapsed time between detection, reporting, and response
Answer: D

NO.82 Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?
A. Maintaining a repository base of security policies
B. Measuring impact of exploits on business processes
C. Facilitating the monitoring of risk occurrences
D. Redirecting event logs to an alternate location for the business continuity plan
Answer: C

NO.83 Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
A. Requiring challenge/response information
B. Requiring multi-factor authentication
C. Enforcing frequent password changes
D. Enforcing complex password formats
Answer: B

NO.84 The PRIMARY objective of performing a post-incident review is to:
A. re-evaluate the impact of incidents.
B. identify vulnerabilities.
C. identify control improvements.
D. identify the root cause.
Answer: D

NO.85 An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?
A. Results from a business impact analysis (BIA)
B. Deadlines and penalties for noncompliance
C. Results from a gap analysis
D. An inventory of security controls currently in place
Answer: C

NO.86 Which of the following is the BEST evidence of alignment between corporate and information security governance?
A. Security key performance indicators (KPIs)
B. Project resource optimization
C. Regular security policy reviews
D. Senior management sponsorship
Answer: D

NO.87 A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:
A. developing a security program that meets global and regional requirements.
B. ensuring effective communication with local regulatory bodies.
C. using industry best practice to meet local legal regulatory requirements.
D. monitoring compliance with defined security policies and standards.
Answer: A

NO.88 In a call center, the BEST reason to conduct a social engineering test is to:
A. identify candidates for additional security training.
B. minimize the likelihood of successful attacks.
C. gain funding for information security initiatives.
D. improve password policy.
Answer: A

NO.89 An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. What is the information security manager's BEST course of action?
A. Enforce the policy.
B. Modify the policy.
C. Present the risk to senior management.
D. Create an exception for the deviation.
Answer: C

NO.90 Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
A. Security policy
B. Risk management framework
C. Risk appetite
D. Security standards
Answer: A

NO.91 A penetration test against an organization's external web application shows several vulnerabilities. Which of the following presents the GREATEST concern?
A. A rules of engagement form was not signed prior to the penetration test
B. Vulnerabilities were not found by internal tests
C. Vulnerabilities were caused by insufficient user acceptance testing (UAT)
D. Exploit code for one of the vulnerabilities is publicly available
Answer: D

NO.92 Which of the following BEST ensures timely and reliable access to services?
A. Nonrepudiation
B. Authenticity
C. Availability
D. Recovery time objective (RTO)
Answer: C

NO.93 Which of the following is the BEST way to assess the risk associated with using a Software as a Service (SaaS) vendor?
A. Verify that information security requirements are included in the contract.
B. Request customer references from the vendor.
C. Require vendors to complete information security questionnaires.
D. Review the results of the vendor's independent control reports.
Answer: A

NO.94 Which of the following is the BEST defense-in-depth implementation for protecting high value assets or for handling environments that have trust concerns?
A. Compartmentalization
B. Overlapping redundancy
C. Continuous monitoring
D. Multi-factor authentication
Answer: A

NO.95 Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?
A. Establish key risk indicators (KRIs).
B. Use quantitative risk assessment methods.
C. Provide regular reporting on risk treatment to senior management.
D. Require steering committee approval of risk treatment plans.
Answer: D

NO.96 Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
A. Decrease in the number of security incidents
B. Increase in the frequency of security incident escalations
C. Reduction in the impact of security incidents
D. Increase in the number of reported security incidents
Answer: A

NO.97 Which of the following should be the PRIMARY consideration when developing an incident response plan?
A. The definition of an incident
B. Compliance with regulations
C. Management support
D. Previously reported incidents
Answer: B

NO.98 Which of the following MUST happen immediately following the identification of a malware incident?
A. Preparation
B. Recovery
C. Containment
D. Eradication
Answer: B

NO.99 The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
A. reduces unauthorized access to systems.
B. promotes efficiency in control of the environment.
C. prevents inconsistencies in information in the distributed environment.
D. allows administrative staff to make management decisions.
Answer: D

NO.100 Which of the following would MOST effectively ensure that a new server is appropriately secured?
A. Performing secure code reviews
B. Enforcing technical security standards
C. Conducting penetration testing
D. Initiating security scanning
Answer: B

NO.101 The PRIMARY reason to create and externally store the disk hash value when performing forensic data acquisition from a hard disk is to:
A. validate the confidentiality during analysis.
B. reinstate original data when accidental changes occur.
C. validate the integrity during analysis.
D. provide backup in case of media failure.
Answer: C

NO.102 After a recovery from a successful malware attack, instances of the malware continue to be discovered. Which phase of incident response was not successful?
A. Eradication
B. Recovery
C. Lessons learned review
D. Incident declaration
Answer: A

NO.103 A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
A. Instruct the vendor to conduct penetration testing.
B. Suspend the connection to the application in the firewall.
C. Report the situation to the business owner of the application.
D. Initiate the organization's incident response process.
Answer: C

NO.104 Which of the following is the BEST indication of an effective information security awareness training program?
A. An increase in the frequency of phishing tests
B. An increase in positive user feedback
C. An increase in the speed of incident resolution
D. An increase in the identification rate during phishing simulations
Answer: D

NO.105 Of the following, whose input is of GREATEST importance in the development of an information security strategy?
A. Process owners
B. End users
C. Security architects
D. Corporate auditors
Answer: A

NO.106 Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
A. Network with peers in the industry to share information.
B. Browse the Internet to learn of potential events.
C. Search for anomalies in the environment.
D. Search for threat signatures in the environment.
Answer: C

NO.107 Which of the following is MOST important to consider when determining asset valuation?
A. Asset recovery cost
B. Asset classification level
C. Cost of insurance premiums
D. Potential business loss
Answer: D

NO.108 Which of the following should be the FIRST step in developing an information security strategy?
A. Perform a gap analysis based on the current state.
B. Create a roadmap to identify security baselines and controls.
C. Identify key stakeholders to champion information security.
D. Determine acceptable levels of information security risk.
Answer: A

NO.109 What should be an information security manager's MOST important consideration when developing a multi-year plan?
A. Ensuring contingency plans are in place for potential information security risks
B. Ensuring alignment with the plans of other business units
C. Allowing the information security program to expand its capabilities
D. Demonstrating projected budget increases year after year
Answer: B

NO.110 In the context of developing an information security strategy, which of the following provides the MOST useful input to determine the or
A. Security budget
B. Risk register
C. Risk score
D. Laws and regulations
Answer: D

NO.111 An information security manager believes that information has been classified inappropriately, ... the risk of a breach. Which of the following is the information security manager's BEST action?
A. Refer the issue to internal audit for a recommendation.
B. Re-classify the data and increase the security level to meet business risk.
C. Instruct the relevant system owners to reclassify the data.
D. Complete a risk assessment and refer the results to the data owners.
Answer: D

NO.112 Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?
A. Conduct a cost-benefit analysis.
B. Consult corporate legal counsel.
C. Update the information security policy.
D. Perform a gap analysis.
Answer: D

NO.113 Which of the following is the BEST justification for making a revision to a password policy?
A. Vendor recommendation
B. Audit recommendation
C. A risk assessment
D. Industry best practice
Answer: C

NO.114 What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
A. Determine operational losses.
B. Improve the change control process.
C. Update the threat landscape.
D. Review the effectiveness of controls.
Answer: D

NO.115 Which of the following is the PRIMARY objective of incident triage?
A. Coordination of communications
B. Mitigation of vulnerabilities
C. Categorization of events
D. Containment of threats
Answer: C

NO.116 Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?
A. Focus on addressing conflicts between security and performance.
B. Collaborate with business and IT functions in determining controls.
C. Include information security requirements in the change control process.
D. Obtain assistance from IT to implement automated security controls.
Answer: B

NO.117 Which of the following is the GREATEST challenge with assessing emerging risk in an organization?
A. Lack of a risk framework
B. Ineffective security controls
C. Presence of known vulnerabilities
D. Incomplete identification of threats
Answer: D