CISM TEXT (2) (dragged) 5.pdf - CISM Questions PDF
This document contains a series of CISM questions and answers focused on information security. It covers various aspects of security practices, from disaster recovery planning to incident response procedures. The questions emphasize practical applications and considerations.
NO.261 When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
A. Business impact analysis (BIA) results
B. Key performance indicators (KPIs)
C. Recovery procedures
D. Systems inventory
Answer: A

NO.262 Which of the following BEST describes a buffer overflow?
A. A function is carried out with more data than the function can handle
B. A program contains a hidden and unintended function that presents a security risk
C. Malicious code designed to interfere with normal operations
D. A type of covert channel that captures data
Answer: A

NO.263 An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
A. Include security requirements in the contract.
B. Assess security controls.
C. Perform a risk assessment.
D. Review data architecture.
Answer: C

NO.264 When developing an asset classification program, which of the following steps should be completed FIRST?
A. Categorize each asset.
B. Create an inventory.
C. Create a business case for a digital rights management tool.
D. Implement a data loss prevention (DLP) system.
Answer: B

NO.265 An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?
A. The information security manager
B. The data owner
C. The application owner
D. The security engineer
Answer: B

NO.266 Which of the following is the MOST important requirement for a successful security program?
A. Mapping security processes to baseline security standards
B. Penetration testing on key systems
C. Management decision on asset value
D. Nondisclosure agreements (NDA) with employees
Answer: C

NO.267 Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
A. Execute a risk treatment plan.
B. Review contracts and statements of work (SOWs) with vendors.
C. Implement data regionalization controls.
D. Determine current and desired state of controls.
Answer: D

NO.268 Which of the following is PRIMARILY determined by asset classification?
A. Insurance coverage required for assets
B. Level of protection required for assets
C. Priority for asset replacement
D. Replacement cost of assets
Answer: B

NO.269 Which of the following is MOST important for the effective implementation of an information security governance program?
A. Employees receive customized information security training.
B. The program budget is approved and monitored by senior management.
C. The program goals are communicated and understood by the organization.
D. Information security roles and responsibilities are documented.
Answer: C

NO.270 Which of the following has the MOST influence on the inherent risk of an information asset?
A. Risk tolerance
B. Net present value (NPV)
C. Return on investment (ROI)
D. Business criticality
Answer: D

NO.271 A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
A. Employee training on ransomware
B. A properly tested offline backup system
C. A continual server replication process
D. A properly configured firewall
Answer: B

NO.272 Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?
A. Each process is assigned to a responsible party.
B. The contact list is regularly updated.
C. Minimum regulatory requirements are maintained.
D. Senior management approval has been documented.
Answer: B

NO.273 Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
A. Existence of a right-to-audit clause
B. Results of the provider's business continuity tests
C. Technical capabilities of the provider
D. Existence of the provider's incident response plan
Answer: C

NO.274 An employee clicked on a link in a phishing email, triggering a ransomware attack. Which of the following should be the information security?
A. Wipe the affected system.
B. Notify internal legal counsel.
C. Notify senior management.
D. Isolate the impacted endpoints.
Answer: D

NO.275 An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
A. Install the OS, patches, and application from the original source.
B. Restore the OS, patches, and application from a backup.
C. Restore the application and data from a forensic copy.
D. Remove all signs of the intrusion from the OS and application.
Answer: B

NO.276 Which of the following is an example of risk mitigation?
A. Purchasing insurance
B. Discontinuing the activity associated with the risk
C. Improving security controls
D. Performing a cost-benefit analysis
Answer: C

NO.277 An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
A. Risk levels may be elevated beyond acceptable limits.
B. Security audits may report more high-risk findings.
C. The compensating controls may not be cost efficient.
D. Noncompliance with industry best practices may result.
Answer: A

NO.278 Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?
A. Risk assessment
B. Business impact analysis (BIA)
C. Vulnerability assessment
D. Industry best practices
Answer: A

NO.279 For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:
A. consistent security.
B. comprehensive audits.
C. a security-aware culture.
D. compliance with policy.
Answer: A

NO.280 Which of the following is the BEST indication that an organization has a mature information security culture?
A. Information security training is mandatory for all staff.
B. The organization's information security policy is documented and communicated.
C. The chief information security officer (CISO) regularly interacts with the board.
D. Staff consistently consider risk in making decisions.
Answer: D

NO.281 Which of the following should be an information security manager's PRIMARY focus during the development of a critical system storing highly confidential data?
A. Reducing the number of vulnerabilities detected
B. Ensuring the amount of residual risk is acceptable
C. Avoiding identified system threats
D. Complying with regulatory requirements
Answer: B

NO.282 After a server has been attacked, which of the following is the BEST course of action?
A. Initiate incident response.
B. Review vulnerability assessment.
C. Conduct a security audit.
D. Isolate the system.
Answer: A

NO.283 An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
A. Determine security controls for the new service.
B. Establish a compliance program.
C. Perform a gap analysis against the current state.
D. Hire new resources to support the service.
Answer: C

NO.284 An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?
A. Identify the skill set of the provider's incident response team.
B. Evaluate the provider's audit logging and monitoring controls.
C. Review the provider's incident definitions and notification criteria.
D. Update the incident escalation process.
Answer: D

NO.285 Prior to conducting a forensic examination, an information security manager should:
A. boot the original hard disk on a clean system.
B. create an image of the original data on new media.
C. duplicate data from the backup media.
D. shut down and relocate the server.
Answer: B

NO.286 Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
A. Disaster recovery plan (DRP)
B. Incident response plan
C. Business continuity plan (BCP)
D. Business contingency plan
Answer: C

NO.287 An organization's quality process can BEST support security management by providing:
A. security configuration controls.
B. assurance that security requirements are met.
C. guidance for security strategy.
D. a repository for security systems documentation.
Answer: B

NO.288 A PRIMARY purpose of creating security policies is to:
A. define allowable security boundaries.
B. communicate management's security expectations.
C. establish the way security tasks should be executed.
D. implement management's security governance strategy.
Answer: B

NO.289 An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation is to:
A. disable the user's access to corporate resources.
B. terminate the device connectivity.
C. remotely wipe the device.
D. escalate to the user's management.
Answer: C

NO.290 Which of the following is the BEST method to protect against emerging advanced persistent threat (APT) actors?
A. Providing ongoing training to the incident response team
B. Implementing proactive systems monitoring
C. Implementing a honeypot environment
D. Updating information security awareness materials
Answer: B

NO.291 The PRIMARY advantage of performing black-box control tests as opposed to white-box control tests is that they:
A. cause fewer potential production issues.
B. require less IT staff preparation.
C. simulate real-world attacks.
D. identify more threats.
Answer: C

NO.292 Which of the following will result in the MOST accurate controls assessment?
A. Mature change management processes
B. Senior management support
C. Well-defined security policies
D. Unannounced testing
Answer: B

NO.293 Which of the following backup methods requires the MOST time to restore data for an application?
A. Full backup
B. Incremental
C. Differential
D. Disk mirroring
Answer: A

NO.294 An information security manager learns through a threat intelligence service that the organization may be targeted for a major emerging threat. Which of the following is the information security manager's FIRST course of action?
A. Conduct an information security audit.
B. Validate the relevance of the information.
C. Perform a gap analysis.
D. Inform senior management.
Answer: B

NO.295 Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?
A. Incident response plan
B. Disaster recovery plan (DRP)
C. Business continuity plan (BCP)
D. Vulnerability management plan
Answer: A

NO.296 Which of the following will have the GREATEST influence on the successful adoption of an information security governance program?
A. Security policies
B. Control effectiveness
C. Security management processes
D. Organizational culture
Answer: D

NO.297 Which of the following is the BEST approach for governing noncompliance with security requirements?
A. Base mandatory review and exception approvals on residual risk.
B. Require users to acknowledge the acceptable use policy.
C. Require the steering committee to review exception requests.
D. Base mandatory review and exception approvals on inherent risk.
Answer: C

NO.298 When preventive controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager?
A. Managing the impact
B. Identifying unacceptable risk levels
C. Assessing vulnerabilities
D. Evaluating potential threats
Answer: A

NO.299 What type of control is being implemented when a security information and event management (SIEM) system is installed?
A. Preventive
B. Deterrent
C. Detective
D. Corrective
Answer: C

NO.300 Which of the following BEST indicates that information assets are classified accurately?
A. Appropriate prioritization of information risk treatment
B. Increased compliance with information security policy
C. Appropriate assignment of information asset owners
D. An accurate and complete information asset catalog
Answer: A

NO.301 Which of the following BEST provides an information security manager with sufficient assurance that a service provider complies with the organization's information security requirements?
A. A live demonstration of the third-party supplier's security capabilities
B. The ability to i third-party supplier's IT systems and processes
C. Third-party security control self-assessment (CSA) results
D. An independent review report indicating compliance with industry standards
Answer: D

NO.302 Which of the following is the PRIMARY role of an information security manager in a software development project?
A. To enhance awareness for secure software design
B. To assess and approve the security application architecture
C. To identify noncompliance in the early design stage
D. To identify software security weaknesses
Answer: A

NO.303 Which of the following would be an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?
A. Mobile application control
B. Inconsistent device security
C. Configuration management
D. End user acceptance
Answer: B

NO.304 When collecting admissible evidence, which of the following is the MOST important requirement?
A. Need to know
B. Preserving audit logs
C. Due diligence
D. Chain of custody
Answer: D

NO.305 Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
A. Containment
B. Recovery
C. Eradication
D. Identification
Answer: A

NO.306 Implementing the principle of least privilege PRIMARILY requires the identification of:
A. job duties.
B. data owners.
C. primary risk factors.
D. authentication controls.
Answer: A

NO.307 Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
A. Incorporate policy statements derived from third-party standards and benchmarks.
B. Adhere to a unique corporate privacy and security standard.
C. Establish baseline standards for all locations and add supplemental standards as required.
D. Require that all locations comply with a generally accepted set of industry
Answer: C

NO.308 A financial company executive is concerned about recently increasing cyberattacks and needs to take action to reduce risk. The organization would BEST respond by:
A. increasing budget and staffing levels for the incident response team.
B. implementing an intrusion detection system (IDS).
C. revalidating and mitigating risks to an acceptable level.
D. testing the business continuity plan (BCP).
Answer: C

NO.309 Which of the following is the BEST indication of effective information security governance?
A. Information security is considered the responsibility of the entire information security team.
B. Information security controls are assigned to risk owners.
C. Information security is integrated into corporate governance.
D. Information security governance is based on an external security framework.
Answer: C

NO.310 Which of the following BEST enables staff acceptance of information security policies?
A. Strong senior management support
B. Computer-based training
C. A robust incident response program
D. Adequate security funding
Answer: A

NO.311 Which of the following BEST facilitates effective incident response testing?
A. Including all business units in testing
B. Simulating realistic test scenarios
C. Reviewing test results quarterly
D. Testing after major business changes
Answer: B

NO.312 Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
A. Block IP addresses used by the attacker.
B. Redirect the attacker's traffic.
C. Disable firewall ports exploited by the attacker.
D. Power off affected servers.
Answer: B

NO.313 Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?
A. Projected increase in maturity level
B. Estimated reduction in risk
C. Projected costs over time
D. Estimated increase in efficiency
Answer: B

NO.314 Which of the following would BEST help to ensure appropriate security controls are built into software?
A. Integrating security throughout the development process
B. Performing security testing prior to deployment
C. Providing standards for implementation during development activities
D. Providing security training to the software development team
Answer: C

NO.315 In addition to executive sponsorship and business alignment, which of the following is MOST critical for information security governance?
A. Ownership of security
B. Compliance with policies
C. Auditability of systems
D. Allocation of training resources
Answer: A

NO.316 When investigating an information security incident, details of the incident should be shared:
A. widely to demonstrate positive intent.
B. only with management.
C. only as needed.
D. only with internal audit.
Answer: C

NO.317 An email digital signature will:
A. protect the confidentiality of an email message.
B. verify to the recipient the integrity of an email message.
C. automatically correct unauthorized modification of an email message.
D. prevent unauthorized modification of an email message.
Answer: B

NO.318 Which of the following is a PRIMARY benefit of managed security solutions?
A. Wider range of capabilities
B. Easier implementation across an organization
C. Greater ability to focus on core business operations
D. Lower cost of operations
Answer: D

NO.319 Which of the following has the GREATEST influence on the successful integration of information security within the business?
A. Organizational structure and culture
B. Risk tolerance and organizational objectives
C. The desired state of the organization
D. Information security personnel
Answer: A

NO.320 Which of the following is the MOST important reason for obtaining input from risk owners when implementing controls?
A. To reduce risk mitigation costs
B. To resolve vulnerabilities in enterprise architecture (EA)
C. To manage the risk to an acceptable level
D. To eliminate threats impacting the business
Answer: C

NO.321 Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?
A. Review the previous risk assessment and countermeasures.
B. Perform a new risk assessment.
C. Evaluate countermeasures to mitigate new risks.
D. Transfer the new risk to a third party.
Answer: C

NO.322 An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
A. the chief risk officer (CRO).
B. business senior management.
C. the information security manager.
D. the compliance officer.
Answer: B

NO.323 In which cloud model does the cloud service buyer assume the MOST security responsibility?
A. Disaster Recovery as a Service (DRaaS)
B. Infrastructure as a Service (IaaS)
C. Platform as a Service (PaaS)
D. Software as a Service (SaaS)
Answer: B

NO.324 Which of the following should be the PRIMARY objective of an information security governance framework?
A. Provide a baseline for optimizing the security profile of the organization.
B. Demonstrate senior management commitment.
C. Demonstrate compliance with industry best practices to external stakeholders.
D. Ensure that users comply with the organization's information security policies.
Answer: A

NO.325 When creating an incident response plan, the PRIMARY benefit of establishing a clear definition of a security incident is that it helps to:
A. the incident response process to stakeholders.
B. adequately staff and train incident response teams.
C. develop effective escalation and response procedures.
D. make tabletop testing more effective.
Answer: C

NO.326 When deciding to move to a cloud-based model, the FIRST consideration should be:
A. storage in a shared environment.
B. availability of the data.
C. data classification.
D. physical location of the data.
Answer: C

NO.327 What should be an information security manager's FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
A. Define the issues to be addressed.
B. Perform a cost-benefit analysis.
C. Calculate the total cost of ownership (TCO).
D. Conduct a feasibility study.
Answer: A

NO.328 An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
A. Conduct user awareness training within the IT function.
B. Propose that IT update information security policies and procedures.
C. Determine the risk related to noncompliance with the policy.
D. Request that internal audit conduct a review of the policy development process.
Answer: C

NO.329 Security administration efforts will be greatly reduced following the deployment of which of the following techniques?
A. Discretionary access control
B. Role-based access control
C. Access control lists
D. Distributed access control
Answer: B

NO.330 A risk owner has accepted a large amount of risk due to the high cost of controls. Which of the following should be the information security manager's PRIMARY focus in this situation?
A. Establishing a strong ongoing risk monitoring process
B. Presenting the risk profile for approval by the risk owner
C. Conducting an independent review of risk responses
D. Updating the information security standards to include the accepted risk
Answer: A

NO.331 Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?
A. IT system clocks are not synchronized with the centralized logging server.
B. Operating systems are no longer supported by the vendor.
C. The patch management system does not deploy patches in a timely manner.
D. An organization has a decentralized data center that uses cloud services.
Answer: A

NO.332 Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
A. Metrics to drive the information security program
B. Information security policies
C. A defined security organizational structure
D. An information security strategy
Answer: D

NO.333 Which of the following is the BEST method to ensure compliance with password standards?
A. Implementing password-synchronization software
B. Using password-cracking software
C. Automated enforcement of password syntax rules
D. A user-awareness program
Answer: C

NO.334 Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?
A. Defining information stewardship roles
B. Defining security asset categorization
C. Assigning information asset ownership
D. Developing a records retention schedule
Answer: C

NO.335 Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
A. Conducting periodic vulnerability assessments
B. Communicating business impact analysis (BIA) results
C. Establishing effective stakeholder relationships
D. Defining the organization's risk management framework
Answer: C

NO.336 Which of the following is the BEST justification for making a revision to a password policy?
A. Industry best practice
B. A risk assessment
C. Audit recommendation
D. Vendor recommendation
Answer: B

NO.337 Which of the following is MOST helpful in determining an organization's current capacity to mitigate risks?
A. Capability maturity model
B. Vulnerability assessment
C. IT security risk and exposure
D. Business impact analysis (BIA)
Answer: A

NO.338 When properly implemented, secure transmission protocols protect transactions:
A. from eavesdropping.
B. from denial of service (DoS) attacks.
C. on the client desktop.
D. in the server's database.
Answer: A