CISM TEXT (2) (dragged) 6.pdf

Full Transcript

NO.339 The fundamental purpose of establishing security metrics is to:
A. increase return on investment (ROI)
B. provide feedback on control effectiveness
C. adopt security best practices
D. establish security benchmarks
Answer: B

NO.340 An organization has decided to outsource IT operations. Which of the following should be the PRIMARY focus of the
information security manager?
A. Security requirements are included in the vendor contract
B. External security audit results are reviewed.
C. Service level agreements (SLAs) meet operational standards.
D. Business continuity contingency planning is provided
Answer: A

NO.341 Which of the following parties should be responsible for determining access levels to an application that processes
client information?
A. The business client
B. The information security tear
C. The identity and access management team
D. Business unit management
Answer: D

NO.342 Data entry functions for a web-based application have been outsourced to a third-party service provider who will work
from a remote site Which of the following issues would be of GREATEST concern to an information security manager?
A. The application does not use a secure communications protocol
B. The application is configured with restrictive access controls
C. The business process has only one level of error checking
D. Server-based malware protection is not enforced
Answer: B

NO.343 The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training
program is to include:
A. results of exit interviews.
B. previous training sessions.
C. examples of help desk requests.
D. responses to security questionnaires.
Answer: C

NO.344 What should be the FIRST step when an Internet of Things (loT) device in an organization's network is confirmed to
have been hacked?
A. Monitor the network.
B. Perform forensic analysis.
C. Disconnect the device from the network,
D. Escalate to the incident response team

Answer: C

NO.345 What is the PRIMARY benefit to an organization when information security program requirements are aligned with
employment and staffing processes?
A. Security incident reporting procedures are followed.
B. Security staff turnover is reduced.
C. Information assets are classified appropriately.
D. Access is granted based on task requirements.
Answer: D

NO.346 An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the
following is the FIRST step the information security manager should take?
A. Determine which country's information security regulations will be used.
B. Merge the two existing information security programs.
C. Apply the existing information security program to the acquired company.
D. Evaluate the information security laws that apply to the acquired company.
Answer: D

NO.347 A balanced scorecard MOST effectively enables information security:
A. risk management
B. project management
C. governance
D. performance
Answer: C

NO.348 Which of the following tasks should be performed once a disaster recovery plan (DRP) has been developed?
A. Develop the test plan.
B. Analyze the business impact.
C. Define response team roles.
D. Identify recovery time objectives (RTOs).
Answer: A

NO.349 Which of the following BEST supports effective communication during information security incidents7
A. Frequent incident response training sessions
B. Centralized control monitoring capabilities
C. Responsibilities defined within role descriptions
D. Predetermined service level agreements (SLAs)
Answer: D

NO.350 An incident response team has been assembled from a group of experienced individuals, Which type of exercise
would be MOST beneficial for the team at the first drill?
A. Red team exercise
B. Black box penetration test
C. Disaster recovery exercise
D. Tabletop exercise

Answer: D

NO.351 Which of the following is the MOST important criterion when deciding whether to accept residual risk?
A. Cost of replacing the asset
B. Cost of additional mitigation
C. Annual loss expectancy (ALE)
D. Annual rate of occurrence
Answer: A

NO.352 A recovery point objective (RPO) is required in which of the following?
A. Disaster recovery plan (DRP)
B. Information security plan
C. Incident response plan
D. Business continuity plan (BCP)
Answer: A

NO.353 Which of the following is the BEST way for an organization to ensure that incident response teams are properly
prepared?
A. Providing training from third-party forensics firms
B. Obtaining industry certifications for the response team
C. Conducting tabletop exercises appropriate for the organization
D. Documenting multiple scenarios for the organization and response steps
Answer: C

NO.354 Which of the following BEST enables the assignment of risk and control ownership?
A. Aligning to an industry-recognized control framework
B. Adopting a risk management framework
C. Obtaining senior management buy-in
D. Developing an information security strategy
Answer: C

NO.355 Network isolation techniques are immediately implemented after a security breach to: A. preserve evidence as
required for forensics
B. reduce the extent of further damage.
C. allow time for key stakeholder decision making.
D. enforce zero trust architecture principles.
Answer: B

NO.356 Which of the following would provide the MOST effective security outcome in an organizations contract management
process?
A. Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage
B. Ensuring security requirements are defined at the request-for-proposal (RFP) stage
C. Extending security assessment to cover asset disposal on contract termination
D. Extending security assessment to include random penetration testing

Answer: B

NO.357 While classifying information assets an information security manager notices that several production databases do not
have owners assigned to them What is the BEST way to address this situation?
A. Assign responsibility to the database administrator (DBA).
B. Review the databases for sensitive content.
C. Prepare a report of the databases for senior management.
D. Assign the highest classification level to those databases.
Answer: A

NO.358 Which of the following BEST helps to ensure a risk response plan will be developed and executed in a timely manner?
A. Establishing risk metrics
B. Training on risk management procedures
C. Reporting on documented deficiencies
D. Assigning a risk owner
Answer: B

NO.359 Which of the following provides the BEST evidence that a recently established infofmation security program is
effective?
A. The number of reported incidents has increased
B. Regular IT balanced scorecards are communicated.
C. Senior management has reported fewer junk emails.
D. The number of tickets associated with IT incidents have stayed consistent
Answer: A

NO.360 Which of the following should an information security manager do FIRST upon learning that some security hardening
settings may negatively impact future business activity?
A. Perform a risk assessment.
B. Reduce security hardening settings.
C. Inform business management of the risk.
D. Document a security exception.
Answer: A

NO.361 Which of the following is the responsibility of a risk owner?
A. Performing risk assessments to direct risk response
B. Determining the organization's risk appetite
C. Ensuring control effectiveness is monitored
D. Implementing controls to mitigate the risk
Answer: D

NO.362 An information security manager has been notified about a compromised endpoint device Which of the following is the
BEST course of action to prevent further damage?
A. Wipe and reset the endpoint device.
B. Isolate the endpoint device.

C. Power off the endpoint device.
D. Run a virus scan on the endpoint device.
Answer: B

NO.363 Which of the following is the PRIMARY benefit of an information security awareness training program?
A. Influencing human behavior
B. Evaluating organizational security culture
C. Defining risk accountability D. Enforcing security policy
Answer: A

NO.364 Which of the following BEST ensures information security governance is aligned with corporate governance?
A. A security steering committee including IT representation
B. A consistent risk management approach
C. An information security risk register
D. Integration of security reporting into corporate reporting
Answer: D

NO.365 Which of the following BEST enables an organization to transform its culture to support information security?
A. Periodic compliance audits
B. Strong management support
C. Robust technical security controls
D. Incentives for security incident reporting
Answer: B
NO.366 ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the
service provider's data center. Which of the following should the CISO do FIRST?
A. Recommend canceling the outsourcing contract.
B. Request an independent review of the provider's data center.
C. Notify affected customers of the data breach.
D. Determine the extent of the impact to the organization.
Answer: D

NO.367 Which of the following is the MOST critical factor for information security program success?
A. comprehensive risk assessment program for information security
B. The information security manager's knowledge of the business
C. Security staff with appropriate training and adequate resources
D. Ongoing audits and addressing open items
Answer: B

NO.368 Which of the following is the MOST important detail to capture in an organization's risk register?
A. Risk appetite
B. Risk severity level
C. Risk acceptance criteria
D. Risk ownership
Answer: D

NO.369 Which of the following is the BEST course of action if the business activity residual risk is lower than the acceptable
risk level?
A. Monitor the effectiveness of controls
B. Update the risk assessment framework
C. Review the inherent risk level
D. Review the risk probability and impact
Answer: A

NO.370 Which of the following is MOST important to include in monthly information security reports to the board?
A. Trend analysis of security metrics
B. Risk assessment results
C. Root cause analysis of security incidents
D. Threat intelligence
Answer: A

NO.371 Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to
by the appropriate individuals?
A. Skills required for the incident response team
B. A list of external resources to assist with incidents
C. Service level agreements (SLAs)
D. A detailed incident notification process
Answer: D

NO.372 Which of the following messages would be MOST effective in obtaining senior management's commitment to
information security management?
A. Effective security eliminates risk to the business.
B. Adopt a recognized framework with metrics.
C. Security is a business product and not a process.
D. Security supports and protects the business.
Answer: D

NO.373 The PRIMARY advantage of single sign-on (SSO) is that it will:
A. increase efficiency of access management
B. increase the security of related applications.
C. strengthen user passwords.
D. support multiple authentication mechanisms.
Answer: A

NO.374 Which of the following is an information security manager's BEST course of action when a threat intelligence report
indicates a large number of ransomware attacks targeting the industry?
A. Increase the frequency of system backups.
B. Review the mitigating security controls.

C. Notify staff members of the threat.
D. Assess the risk to the organization.
Answer: D

NO.375 Which of the following will ensure confidentiality of content when accessing an email system over the Internet?
A. Multi-factor authentication
B. Digital encryption
C. Data masking
D. Digital signatures
Answer: B

NO.376 Reevaluation of risk is MOST critical when there is:
A. resistance to the implementation of mitigating controls.
B. a management request for updated security reports.
C. a change in security policy.
D. a change in the threat landscape.
Answer: D

NO.377 Which of the following should be the MOST important consideration of business continuity management?
A. Ensuring human safety
B. Identifying critical business processes
C. Ensuring the reliability of backup data
D. Securing critical information assets
Answer: A

NO.378 Relationships between critical systems are BEST understood by
A. evaluating key performance indicators (KPIs)
B. performing a business impact analysis (BIA)
C. developing a system classification scheme
D. evaluating the recovery time objectives (RTOs)
Answer: B

NO.379 An information security manager finds that a soon-to-be deployed online application will increase risk beyond
acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the
information security manager?
A. Instruct IT to deploy controls based on urgent business needs.
B. Present a business case for additional controls to senior management.
C. Solicit bids for compensating control products.
D. Recommend a different application.
Answer: B

NO.380 Reviewing which of the following would be MOST helpful when a new information security manager is developing an
information security strategy for a non-regulated organization?
A. Management's business goals and objectives
B. Strategies of other non-regulated companies
C. Risk assessment results
D. Industry best practices and control recommendations
Answer: A

NO.381 A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control
process. The information security manager's FIRST step in addressing the issue should be to:
A. require that the change be reversed
B. review the change management process
C. perform an analysis of the change
D. report the event to senior management
Answer: C

NO.382 Which of the following events would MOST likely require a revision to the information security program?
A. An increase in industry threat level .
B. A significant increase in reported incidents
C. A change in IT management
D. A merger with another organization
Answer: D

NO.383 Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?
A. Implement a data loss prevention (DLP) system
B. Disable all incoming cloud mail services
C. Conduct awareness training across the organization
D. Require acknowledgment of the acceptable use policy
Answer: C

NO.384 An organization needs to comply with new security incident response requirements. Which of the following should the
information security manager do FIRST?
A. Create a business case for a new incident response plan.
B. Revise the existing incident response plan.
C. Conduct a gap analysis.
D. Assess the impact to the budget
Answer: C

NO.385 Which of the following is the MOST effective way to prevent information security incidents?
A. Implementing a security information and event management (SIEM) tool
B. Implementing a security awareness training program for employees
C. Deploying a consistent incident response approach
D. Deploying intrusion detection tools in the network environment
Answer: B

NO.386 Which of the following sources is MOST useful when planning a business-aligned information security program?
A. Security risk register
B. Information security policy
C. Business impact analysis (BIA)
D. Enterprise architecture (EA)
Answer: C

NO.387 Which of the following should be given the HIGHEST priority during an information security post-incident review?
A. Documenting actions taken in sufficient detail
B. Updating key risk indicators (KRIs)
C. Evaluating the performance of incident response team members
D. Evaluating incident response effectiveness
Answer: D

NO.388 Which of the following service offerings in a typical Infrastructure as a Service (laaS) model will BEST enable a cloud
service provider to assist customers when recovering from a security incident?
A. Availability of web application firewall logs.
B. Capability of online virtual machine analysis
C. Availability of current infrastructure documentation
D. Capability to take a snapshot of virtual machines
Answer: D

NO.389 Which of the following BEST enables the integration of information security governance into corporate governance?
A. Well-decumented information security policies and standards
B. An information security steering committee with business representation
C. Clear lines of authority across the organization
D. Senior management approval of the information security strategy
Answer: B

NO.390 Reverse lookups can be used to prevent successful:
A. denial of service (DoS) attacks
B. session hacking
C. phishing attacks
D. Internet protocol (IP) spoofing
Answer: D

NO.391 Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a
ransomware incident?
A. Lack of encryption for backup data in transit
B. Undefined or undocumented backup retention policies
C. Ineffective alert configurations for backup operations
D. Unavailable or corrupt data backups
Answer: D

NO.392 The effectiveness of an information security governance framework will BEST be enhanced if:
A. consultants review the information security governance framework.
B. a culture of legal and regulatory compliance is promoted by management.
C. risk management is built into operational and strategic activities.
D. IS auditors are empowered to evaluate governance activities
Answer: B

NO.393 Which of the following is the MOST important issue in a penetration test?
A. Having an independent group perform the test
B. Obtaining permission from audit
C. Performing the test without the benefit of any insider knowledge
D. Having a defined goal as well as success and failure criteria
Answer: D

NO.394 Which of the following would be the GREATEST threat posed by a distributed denial of service (DDoS) attack on a
public-facing web server?
A. Execution of unauthorized commands
B. Prevention of authorized access
C. Defacement of website content
D. Unauthorized access to resources
Answer: B

NO.395 An information security manager determines there are a significant number of exceptions to a newly released
industry-required security standard. Which of the following should be done NEXT?
A. Document risk acceptances.
B. Revise the organization's security policy.
C. Assess the consequences of noncompliance.
D. Conduct an information security audit.
Answer: C

NO.396 Which of the following is MOST important when defining how an information security budget should be allocated?
A. Regulatory compliance standards
B. Information security strategy
C. Information security policy
D. Business impact assessment
Answer: B

NO.397 A common drawback of email software packages that provide native encryption of messages is that the encryption:
A. cannot encrypt attachments
B. cannot interoperate across product domains.
C. has an insufficient key length.
D. has no key-recovery mechanism.
Answer: B

NO.398 An incident management team leader sends out a notification that the organization has successfully recovered from a
cyberattack. Which of the following should be done NEXT?
A. Prepare an executive summary for senior management
B. Gather feedback on business impact
C. Conduct a meeting to capture lessons learned.
D. Secure and preserve digital evidence for analysis.
Answer: C

NO.399 Which of the following defines the triggers within a business continuity plan (BCP)?
A. Needs of the organization
B. Disaster recovery plan (DRP)
C. Information security policy
D. Gap analysis
Answer: B

NO.400 Which of the following should be the MOST important consideration when establishing information security policies for
an organization?
A. Job descriptions include requirements to read security policies.
B. The policies are updated annually.
C. Senior management supports the policies.
D. The policies are aligned to industry best practices.
Answer: C

NO.401 In violation of a policy prohibiting the use of cameras at the office, employees have been issued smartphones and
tablet computers with enabled web cameras. Which of the following should be the information security manager's FIRST
course of action?
A. Revise the policy.
B. Perform a root cause analysis.
C. Conduct a risk assessment,
D. Communicate the acceptable use policy.
Answer: C

NO.402 Management has announced the acquisition of a new company. The information security manager of the parent
company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the
two companies. To BEST address this concern, the information security manager should:
A. review access rights as the acquisition integration occurs.
B. perform a risk assessment of the access rights.
C. escalate concerns for conflicting access rights to management.
D. implement consistent access control standards.
Answer: B

NO.403 While responding to a high-profile security incident, an information security manager observed several deficiencies in
the current incident response plan. When would be the BEST time to update the plan?
A. While responding to the incident
B. During a tabletop exercise

C. During post-incident review
D. After a risk reassessment
Answer: C

NO.404 An organization is close to going live with the implementation of a cloud-based application. Independent penetration
test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to
proceed?
A. Implement the application and request the cloud service provider to fix the vulnerability.
B. Assess whether the vulnerability is within the organization's risk tolerance levels.
C. Commission further penetration tests to validate initial test results,
D. Postpone the implementation until the vulnerability has been fixed.
Answer: D

NO.405 Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program
meets the needs of the business?
A. Risk assessment program
B. Information security awareness training
C. Information security governance D. Information security metrics
Answer: C

NO.406 Which of the following is the BEST method for determining whether a firewall has been configured to provide a
comprehensive perimeter defense9
A. A validation of the current firewall rule set
B. A port scan of the firewall from an internal source
C. A ping test from an external source
D. A simulated denial of service (DoS) attack against the firewall
Answer: A
NO.407 Which of the following is the MOST important factor of a successful information security program?
A. The program follows industry best practices.
B. The program is based on a well-developed strategy.
C. The program is cost-efficient and within budget,
D. The program is focused on risk management.
Answer: D

NO.408 Which of the following is a desired outcome of information security governance?
A. Penetration test
B. Improved risk management
C. Business agility
D. A maturity model
Answer: B

NO.409 An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote
access security.
Which of the following should be given immediate focus?

A. Moving to a zero trust access model
B. Enabling network-level authentication
C. Enhancing cyber response capability
D. Strengthening endpoint security
Answer: D

NO.410 Which of the following should an information security manager do FIRST when a mandatory security standard hinders
the achievement of an identified business objective?
A. Revisit the business objective.
B. Escalate to senior management.
C. Perform a cost-benefit analysis.
D. Recommend risk acceptance.
Answer: B
NO.411 Measuring which of the following is the MOST accurate way to determine the alignment of an information security
strategy with organizational goals?
A. Number of blocked intrusion attempts
B. Number of business cases reviewed by senior management
C. Trends in the number of identified threats to the business
D. Percentage of controls integrated into business processes
Answer: D

NO.412 Which of the following is an information security manager's MOST important course of action when responding to a
major security incident that could disrupt the business?
A. Follow the escalation process.
B. Identify the indicators of compromise.
C. Notify law enforcement.
D. Contact forensic investigators.
Answer: B

NO.413 An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk
associated with critical system outages. Which type of control is being considered?
A. Preventive
B. Corrective
C. Detective
D. Deterrent
Answer: A

NO.414 An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk
landscape. The information security manager has been tasked with leading the IT risk management process. Which of the
following should be given the HIGHEST priority?
A. Identification of risk
B. Analysis of control gaps
C. Design of key risk indicators (KRIs)
D. Selection of risk treatment options
Answer: A

NO.415 The PRIMARY advantage of involving end users in continuity planning is that they:
A. have a better understanding of specific business needs.
B. are more objective than information security management.
C. can see the overall impact to the business.
D. can balance the technical and business risks.
Answer: A

NO.416 When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST
important objective should be:
A. strong encryption
B. regulatory compliance.
C. data availability.
D. security awareness training
Answer: B

NO.417 A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?
A. Review customers' security policies.
B. Conduct a risk assessment to determine security risks and mitigating controls.
C. Develop access control requirements for each system and application.
D. Design single sign-on (SSO) or federated access.
Answer: B