CISM TEXT PDF
This document contains sample CISM exam questions related to information security management. These questions cover topics like incident response, risk assessment and business continuity.
CISM TEXT Certified Information Security Manager ISACA V24.35

NO.1 An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred: After three hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail. Which of the following could have been prevented by conducting regular incident response testing?
A. Ignored alert messages
B. The server being compromised
C. The brute force attack
D. Stolen data
Answer: A

NO.2 An information security manager is reporting on open items from the risk register to senior management. Which of the following is MOST important to communicate with regard to these risks?
A. Responsible entities
B. Key risk indicators (KRIs)
C. Compensating controls
D. Potential business impact
Answer: D

NO.3 The PRIMARY purpose for continuous monitoring of security controls is to ensure:
A. control gaps are minimized.
B. system availability.
C. effectiveness of controls.
D. alignment with compliance requirements.
Answer: C

NO.4 How does an incident response team BEST leverage the results of a business impact analysis (BIA)?
A. Assigning restoration priority during incidents
B. Determining total cost of ownership (TCO)
C. Evaluating vendors critical to business recovery
D. Calculating residual risk after the incident recovery phase
Answer: A

NO.5 Following a risk assessment, an organization has made the decision to adopt a bring your own device (BYOD) strategy. What should the information security manager do NEXT?
A. Develop a personal device policy
B. Implement a mobile device management (MDM) solution
C. Develop training specific to BYOD awareness
D. Define control requirements
Answer: D

NO.6 To help ensure that an information security training program is MOST effective, its contents should be:
A. focused on information security policy.
B. aligned to business processes.
C. based on employees' roles.
D. based on recent incidents.
Answer: C

NO.7 Which of the following processes BEST supports the evaluation of incident response effectiveness?
A. Root cause analysis
B. Post-incident review
C. Chain of custody
D. Incident logging
Answer: B

NO.8 Which of the following is the BEST option to lower the cost to implement application security controls?
A. Perform security tests in the development environment.
B. Integrate security activities within the development process.
C. Perform a risk analysis after project completion.
D. Include standard application security requirements.
Answer: B

NO.9 Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?
A. Require remote wipe capabilities for devices.
B. Conduct security awareness training.
C. Review and update existing security policies.
D. Enforce passwords and data encryption on the devices.
Answer: C

NO.10 Which of the following metrics BEST measures the effectiveness of an organization's information security program?
A. Increase in risk assessments completed
B. Reduction in information security incidents
C. Return on information security investment
D. Number of information security business cases developed
Answer: C

NO.11 To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
A. rely on senior management to enforce security.
B. promote the relevance and contribution of security.
C. focus on compliance.
D. reiterate the necessity of security.
Answer: B

NO.12 Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
A. Updated security policies
B. Defined security standards
C. Threat intelligence
D. Regular antivirus updates
Answer: B

NO.13 When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:
A. best practices.
B. control framework.
C. regulatory requirements.
D. cost-benefit analysis.
Answer: C

NO.14 Which of the following BEST determines the allocation of resources during a security incident response?
A. Senior management commitment
B. A business continuity plan (BCP)
C. An established escalation process
D. Defined levels of severity
Answer: D

NO.15 Which of the following should an information security manager do FIRST when creating an organization's disaster recovery plan (DRP)?
A. Conduct a business impact analysis (BIA).
B. Identify the response and recovery teams.
C. Review the communications plan.
D. Develop response and recovery strategies.
Answer: A

NO.16 Which of the following is the FIRST step to establishing an effective information security program?
A. Conduct a compliance review.
B. Assign accountability.
C. Perform a business impact analysis (BIA).
D. Create a business case.
Answer: D

NO.17 Which of the following would BEST justify continued investment in an information security program?
A. Reduction in residual risk
B. Security framework alignment
C. Speed of implementation
D. Industry peer benchmarking
Answer: A

NO.18 Which of the following has the GREATEST influence on an organization's information security strategy?
A. The organization's risk tolerance
B. The organizational structure
C. Industry security standards
D. Information security awareness
Answer: A

NO.19 Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?
A. A capability and maturity assessment
B. Detailed analysis of security program KPIs
C. An information security dashboard
D. An information security risk register
Answer: C

NO.20 An anomaly-based intrusion detection system (IDS) operates by gathering data on:
A. normal network behavior and using it as a baseline for measuring abnormal activity.
B. abnormal network behavior and issuing instructions to the firewall to drop rogue connections.
C. abnormal network behavior and using it as a baseline for measuring normal activity.
D. attack pattern signatures from historical data.
Answer: A

NO.21 If civil litigation is a goal for an organizational response to a security incident, the PRIMARY step should be to:
A. contact law enforcement.
B. document the chain of custody.
C. capture evidence using standard server-backup utilities.
D. reboot affected machines in a secure area to search for evidence.
Answer: B

NO.22 Which of the following is MOST effective in monitoring an organization's existing risk?
A. Periodic updates to risk register
B. Risk management dashboards
C. Security information and event management (SIEM) systems
D. Vulnerability assessment results
Answer: B

NO.23 What is the BEST way to reduce the impact of a successful ransomware attack?
A. Perform frequent backups and store them offline.
B. Purchase or renew cyber insurance policies.
C. Include provisions to pay ransoms in the information security budget.
D. Monitor the network and provide alerts on intrusions.
Answer: A

NO.24 Which of the following BEST facilitates an information security manager's efforts to obtain senior management commitment for an information security program?
A. Presenting evidence of inherent risk
B. Reporting the security maturity level
C. Presenting compliance requirements
D. Communicating the residual risk
Answer: C

NO.25 Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?
A. To facilitate a qualitative risk assessment following the BIA
B. To increase awareness of information security among key stakeholders
C. To ensure the stakeholders providing input own the related risk
D. To obtain input from as many relevant stakeholders as possible
Answer: C

NO.26 Which of the following would BEST enable the timely execution of an incident response plan?
A. The introduction of a decision support tool
B. Definition of trigger events
C. Clearly defined data classification process
D. Centralized service desk
Answer: B

NO.27 Which of the following change management procedures is MOST likely to cause concern to the information security manager?
A. Fallback processes are tested the weekend before changes are made.
B. Users are not notified of scheduled system changes.
C. A manual rather than an automated process is used to compare program versions.
D. The development manager migrates programs into production.
Answer: D

NO.28 Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?
A. The security strategy is promoted.
B. Fewer security incidents are reported.
C. Security behavior is improved.
D. More security incidents are detected.
Answer: C

NO.29 Which of the following documents should contain the INITIAL prioritization of recovery of services?
A. IT risk analysis
B. Threat assessment
C. Business impact analysis (BIA)
D. Business process map
Answer: C

NO.30 Which of the following is the GREATEST inherent risk when performing a disaster recovery plan (DRP) test?
A. Poor documentation of results and lessons learned
B. Lack of communication to affected users
C. Disruption to the production environment
D. Lack of coordination among departments
Answer: C

NO.31 Which of the following activities is designed to handle a control failure that leads to a breach?
A. Risk assessment
B. Incident management
C. Root cause analysis
D. Vulnerability management
Answer: B

NO.32 A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by an information security manager?
A. Determine the required security controls for the new solution.
B. Review the disaster recovery plans (DRPs) of the providers.
C. Obtain audit reports on the service providers' hosting environment.
D. Align the roles of the organization's and the service providers' staff.
Answer: A

NO.33 Which of the following BEST enables the integration of information security governance into corporate governance?
A. Senior management approval of the information security strategy
B. An information security steering committee with business representation
C. Clear lines of authority across the organization
D. Well-documented information security policies and standards
Answer: B

NO.34 Which of the following is the BEST course of action for an information security manager to align security and business goals?
A. Conducting a business impact analysis (BIA)
B. Reviewing the business strategy
C. Defining key performance indicators (KPIs)
D. Actively engaging with stakeholders
Answer: D

NO.35 The MOST appropriate time to conduct a disaster recovery test would be after:
A. major business processes have been redesigned.
B. the business continuity plan (BCP) has been updated.
C. the security risk profile has been reviewed.
D. noncompliance incidents have been filed.
Answer: A

NO.36 Which of the following is the GREATEST benefit of including incident classification criteria within an incident response plan?
A. Ability to monitor and control incident management costs
B. More visibility to the impact of disruptions
C. Effective protection of information assets
D. Optimized allocation of recovery resources
Answer: D

NO.37 An organization has multiple data repositories across different departments. The information security manager has been tasked with creating an enterprise strategy for protecting data. Which of the following information security initiatives should be the HIGHEST priority for the organization?
A. Data masking
B. Data retention strategy
C. Data encryption standards
D. Data loss prevention (DLP)
Answer: C

NO.38 Which of the following is MOST useful to an information security manager when determining the need to escalate an incident to senior management?
A. Incident management procedures
B. Incident management policy
C. System risk assessment
D. Organizational risk register
Answer: D

NO.39 Which of the following would be MOST helpful to identify worst-case disruption scenarios?
A. Business impact analysis (BIA)
B. Business process analysis
C. SWOT analysis
D. Cost-benefit analysis
Answer: A

NO.40 A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
A. incident has been confirmed.
B. incident has been contained.
C. potential incident has been logged.
D. incident has been mitigated.
Answer: A

NO.41 Meeting which of the following security objectives BEST ensures that information is protected against unauthorized disclosure?
A. Integrity
B. Authenticity
C. Confidentiality
D. Nonrepudiation
Answer: C

NO.42 Which of the following is the MOST important factor in an organization's selection of a key risk indicator (KRI)?
A. Return on investment (ROI)
B. Compliance requirements
C. Target audience
D. Criticality of information
Answer: D

NO.43 Which of the following MUST be established to maintain an effective information security governance framework?
A. Security controls automation
B. Defined security metrics
C. Change management processes
D. Security policy provisions
Answer: D

NO.44 In order to understand an organization's security posture, it is MOST important for an organization's senior leadership to:
A. evaluate results of the most recent incident response test.
B. review the number of reported security incidents.
C. ensure established security metrics are reported.
D. assess progress of risk mitigation efforts.
Answer: C

NO.45 The BEST way to identify the risk associated with a social engineering attack is to:
A. monitor the intrusion detection system (IDS).
B. review single sign-on (SSO) authentication logs.
C. test user knowledge of information security practices.
D. perform a business risk assessment of the email filtering system.
Answer: C

NO.46 A balanced scorecard MOST effectively enables information security:
A. project management.
B. governance.
C. performance.
D. risk management.
Answer: B

NO.47 An online bank identifies a successful network attack in progress. The bank should FIRST:
A. isolate the affected network segment.
B. report the root cause to the board of directors.
C. assess whether personally identifiable information (PII) is compromised.
D. shut down the entire network.
Answer: A

NO.48 Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
A. Security metrics
B. Security baselines
C. Security incident details
D. Security risk exposure
Answer: A

NO.49 Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
A. Embedding compliance requirements within operational processes
B. Engaging external experts to provide guidance on changes in compliance requirements
C. Performing periodic audits for compliance with legal and regulatory requirements
D. Assigning the operations manager accountability for meeting compliance requirements
Answer: A

NO.50 Which of the following BEST demonstrates the added value of an information security program?
A. Security baselines
B. A gap analysis
C. A SWOT analysis
D. A balanced scorecard
Answer: D

NO.51 Which of the following is the MOST important consideration when determining which type of failover site to employ?
A. Reciprocal agreements
B. Disaster recovery test results
C. Recovery time objectives (RTOs)
D. Data retention requirements
Answer: C

NO.52 Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?
A. Security risk assessments
B. Lessons learned analysis
C. Information security audits
D. Key performance indicators (KPIs)
Answer: B

NO.53 A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. The MOST likely reason for this decision is:
A. the risk assessment has not defined the likelihood of occurrence.
B. the reported vulnerability has not been validated.
C. executive management is not aware of the impact potential.
D. the cost of implementing controls exceeds the potential financial losses.
Answer: D

NO.54 An organization has introduced a new bring your own device (BYOD) program. The security manager has determined that a small number of employees are utilizing free cloud storage services to store company data through their mobile devices. Which of the following is the MOST effective course of action?
A. Allow the practice to continue temporarily for monitoring purposes.
B. Disable the employees' remote access to company email and data.
C. Initiate remote wipe of the devices.
D. Assess the business need to provide a secure solution.
Answer: D