
CISM TEXT (2) (dragged) 3.pdf


Full Transcript

NO.118 Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
A. Performing penetration tests against the network to demonstrate business vulnerability
B. Highlighting competitor performance regarding network best security practices
C. Demonstrating that targeted security controls tie to business objectives
D. Presenting comparable security implementation estimates from several vendors
Answer: C

NO.119 Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
A. Compatibility with legacy systems
B. Application of corporate hardening standards
C. Integration with existing access controls
D. Unknown vulnerabilities
Answer: D

NO.120 Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
A. Compromise of critical assets via third-party resources
B. Unavailability of services provided by a supplier
C. Loss of customers due to unavailability of products
D. Unreliable delivery of hardware and software resources by a supplier
Answer: C

NO.121 Which of the following activities MUST be performed by an information security manager for change requests?
A. Perform penetration testing on affected systems.
B. Scan IT systems for operating system vulnerabilities.
C. Review change in business requirements for information security.
D. Assess impact on information security risk.
Answer: D

NO.122 Which of the following is the BEST approach to make strategic information security decisions?
A. Establish regular information security status reporting.
B. Establish an information security steering committee.
C. Establish business unit security working groups.
D. Establish periodic senior management meetings.
Answer: B

NO.123 Which of the following BEST facilitates effective strategic alignment of security initiatives?
A. The business strategy is periodically updated.
B. Procedures and standards are approved by department heads.
C. Periodic security audits are conducted by a third party.
D. Organizational units contribute to and agree on priorities.
Answer: D

NO.124 Which of the following is MOST important when conducting a forensic investigation?
A. Analyzing system memory
B. Documenting analysis steps
C. Capturing full system images
D. Maintaining a chain of custody
Answer: D

NO.125 Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?
A. A patch management process
B. Version control
C. Change management controls
D. Logical access controls
Answer: A

NO.126 Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?
A. Collect additional metrics.
B. Perform a cost-benefit analysis.
C. Submit funding request to senior management.
D. Begin due diligence on the outsourcing company.
Answer: B

NO.127 Which of the following should be the PRIMARY objective of the information security incident response process?
A. Conducting incident triage
B. Communicating with internal and external parties
C. Minimizing negative impact to critical operations
D. Classifying incidents
Answer: C

NO.128 Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?
A. Internal security audit
B. External security audit
C. Organizational risk appetite
D. Business impact analysis (BIA)
Answer: A

NO.129 An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
A. Determine whether the organization can benefit from adopting the new standard.
B. Obtain legal counsel's opinion on the standard's applicability to regulations.
C. Perform a risk assessment on the new technology.
D. Review industry specialists' analyses of the new standard.
Answer: C

NO.130 An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
A. Establishing the authority to remote wipe
B. Developing security awareness training
C. Requiring the backup of the organization's data by the user
D. Monitoring how often the smartphone is used
Answer: A

NO.131 Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?
A. Increasing false negatives
B. Decreasing false negatives
C. Decreasing false positives
D. Increasing false positives
Answer: C

NO.132 The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
A. enhance the organization's antivirus controls.
B. eliminate the risk of data loss.
C. complement the organization's detective controls.
D. reduce the need for a security awareness program.
Answer: B

NO.133 Which of the following BEST enables an organization to maintain legally admissible evidence?
A. Documented processes around forensic records retention
B. Robust legal framework with notes of legal actions
C. Chain of custody forms with points of contact
D. Forensic personnel training that includes technical actions
Answer: C

NO.134 Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?
A. Suspend the data exchange with the provider.
B. Notify appropriate regulatory authorities of the breach.
C. Initiate the business continuity plan (BCP).
D. Validate the breach with the provider.
Answer: D

NO.135 An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
A. Definition of when a disaster should be declared
B. Requirements for regularly testing backups
C. Recovery time objectives (RTOs)
D. The disaster recovery communication plan
Answer: D

NO.136 To support effective risk decision making, which of the following is MOST important to have in place?
A. Established risk domains
B. Risk reporting procedures
C. An audit committee consisting of mid-level management
D. Well-defined and approved controls
Answer: A

NO.137 Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?
A. Statistical reports will be incorrect.
B. The service desk will be staffed incorrectly.
C. Escalation procedures will be ineffective.
D. Timely detection of attacks will be impossible.
Answer: C

NO.138 An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
A. Scan the entire application using a vulnerability scanning tool.
B. Run the application from a high-privileged account on a test system.
C. Perform security code reviews on the entire application.
D. Monitor Internet traffic for sensitive information leakage.
Answer: C

NO.139 Which of the following metrics provides the BEST evidence of alignment of information security governance with corporate governance?
A. Average return on investment (ROI) associated with security initiatives
B. Average number of security incidents across business units
C. Mean time to resolution (MTTR) for enterprise-wide security incidents
D. Number of vulnerabilities identified for high-risk information assets
Answer: A

NO.140 A newly appointed information security manager of a retailer with multiple stores discovers an HVAC (heating, ventilation, and air conditioning) vendor has remote access to the stores to enable real-time monitoring and equipment diagnostics. Which of the following should be the information security manager's FIRST course of action?
A. Conduct a penetration test of the vendor.
B. Review the vendor's technical security controls.
C. Review the vendor contract.
D. Disconnect the real-time access.
Answer: C

NO.141 When developing a business case to justify an information security investment, which of the following would BEST enable an informed decision by senior management?
A. The information security strategy
B. Losses due to security incidents
C. The results of a risk assessment
D. Security investment trends in the industry
Answer: C

NO.142 What is the PRIMARY benefit to an organization that maintains an information security governance framework?
A. Resources are prioritized to maximize return on investment (ROI).
B. Information security guidelines are communicated across the enterprise.
C. The organization remains compliant with regulatory requirements.
D. Business risks are managed to an acceptable level.
Answer: D

NO.143 Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?
A. Cost of the attack to the organization
B. Location of the attacker
C. Method of operation used by the attacker
D. Details from intrusion detection system (IDS) logs
Answer: C

NO.144 Penetration testing is MOST appropriate when a:
A. new system is about to go live.
B. new system is being designed.
C. security policy is being developed.
D. security incident has occurred.
Answer: A

NO.145 Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
A. To compare emerging trends with the existing organizational security posture
B. To communicate worst-case scenarios to senior management
C. To train information security professionals to mitigate new threats
D. To determine opportunities for expanding organizational information security
Answer: A

NO.146 Which of the following desired outcomes BEST supports a decision to invest in a new security initiative?
A. Enhanced security monitoring and reporting
B. Reduced control complexity
C. Enhanced threat detection capability
D. Reduction of organizational risk
Answer: D

NO.147 Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?
A. Documentation of control procedures
B. Standardization of compliance requirements
C. Automation of controls
D. Integration of assurance efforts
Answer: B

NO.148 Which of the following is the BEST way to obtain support for a new organization-wide information security program?
A. Benchmark against similar industry organizations.
B. Deliver an information security awareness campaign.
C. Publish an information security RACI chart.
D. Establish an information security strategy committee.
Answer: B

NO.149 Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
A. Impact on information security program
B. Cost of controls
C. Impact to business function
D. Cost to replace
Answer: C

NO.150 Which of the following is the BEST indication of information security strategy alignment with the "&
A. Percentage of information security incidents resolved within defined service level agreements (SLAs)
B. Percentage of corporate budget allocated to information security initiatives
C. Number of business executives who have attended information security awareness sessions
D. Number of business objectives directly supported by information security initiatives
Answer: D

NO.151 Which of the following analyses will BEST identify the external influences to an organization's information security?
A. Business impact analysis (BIA)
B. Gap analysis
C. Threat analysis
D. Vulnerability analysis
Answer: C

NO.152 Which of the following is the MOST important detail to capture in an organization's risk register?
A. Risk severity level
B. Risk acceptance criteria
C. Risk appetite
D. Risk ownership
Answer: D

NO.153 Which of the following is MOST important in order to obtain senior leadership support when presenting an information security strategy?
A. The strategy aligns with management's acceptable level of risk.
B. The strategy addresses ineffective information security controls.
C. The strategy aligns with industry benchmarks and standards.
D. The strategy addresses organizational maturity and the threat environment.
Answer: A

NO.154 An organization plans to leverage popular social network platforms to promote its products and services. Which of the following is the BEST course of action for the information security manager to support this initiative?
A. Establish processes to publish content on social networks.
B. Assess the security risk associated with the use of social networks.
C. Conduct vulnerability assessments on social network platforms.
D. Develop security controls for the use of social networks.
Answer: B

NO.155 Which of the following should be the PRIMARY basis for an information security strategy?
A. The organization's vision and mission
B. Results of a comprehensive gap analysis
C. Information security policies
D. Audit and regulatory requirements
Answer: A

NO.156 Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?
A. Report the decision to the compliance officer.
B. Update details within the risk register.
C. Reassess the organization's risk tolerance.
D. Assess the impact of the regulation.
Answer: B

NO.157 Which of the following is MOST important to consider when aligning a security awareness program with the organization's business strategy?
A. Regulations and standards
B. People and culture
C. Executive and board directives
D. Processes and technology
Answer: B

NO.158 An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?
A. Deploy mobile device management (MDM).
B. Implement remote wipe capability.
C. Create an acceptable use policy.
D. Conduct a mobile device risk assessment.
Answer: D

NO.159 Which of the following is the MOST important reason to ensure information security is aligned with the organization's strategy?
A. To identify the organization's risk tolerance
B. To improve security processes
C. To align security roles and responsibilities
D. To optimize security risk management
Answer: D

NO.160 Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
A. Balanced scorecard
B. Risk matrix
C. Benchmarking
D. Heat map
Answer: A

NO.161 An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?
A. The benefit is greater than the potential risk.
B. USB storage devices are enabled based on user roles.
C. Users accept the risk of noncompliance.
D. Access is restricted to read-only.
Answer: A

NO.162 During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?
A. Post-incident review
B. Eradication
C. Containment
D. Identification
Answer: B

NO.163 The PRIMARY goal of the eradication phase in an incident response process is to:
A. maintain a strict chain of custody.
B. provide effective triage and containment of the incident.
C. remove the threat and restore affected systems.
D. obtain forensic evidence from the affected system.
Answer: C

NO.164 An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
A. service level agreements (SLAs).
B. security requirements for the process being outsourced.
C. risk-reporting methodologies.
D. security metrics.
Answer: B

NO.165 Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?
A. Regulatory requirements
B. Compliance acceptance
C. Management support
D. Budgetary approval
Answer: C

NO.166 Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?
A. Patch management files
B. Network system logs
C. Configuration management files
D. Intrusion detection system (IDS) logs
Answer: C

NO.167 Who is BEST suited to determine how the information in a database should be classified?
A. Database analyst
B. Database administrator (DBA)
C. Information security analyst
D. Data owner
Answer: D

NO.168 Which of the following roles is BEST able to influence the security culture within an organization?
A. Chief information security officer (CISO)
B. Chief information officer (CIO)
C. Chief executive officer (CEO)
D. Chief operating officer (COO)
Answer: A

NO.169 Which of the following should include contact information for representatives of equipment and software vendors?
A. Information security program charter
B. Business impact analysis (BIA)
C. Service level agreements (SLAs)
D. Business continuity plan (BCP)
Answer: D

NO.170 Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?
A. Security risk analysis
B. Gap assessment
C. Maturity assessment
D. Vulnerability scan report
Answer: C
