Pass Exam Questions Efficiently With CISM Questions (2024) [Q172-Q197]


CISM Questions - Truly Beneficial For Your ISACA Exam 


The CISM certification is widely recognized as a benchmark for excellence in the information security management profession. Certified Information Security Manager certification demonstrates that an individual has the knowledge and skills to develop and manage effective information security programs, and that they are committed to maintaining the highest standards of professionalism and ethics in their work.


The CISM certification is a highly respected certification in the field of information security management. It validates the skills and knowledge of professionals in the industry and provides a competitive edge. The CISM exam covers four domains and is designed to test the candidate's understanding of information security governance, risk management and compliance, information security program development and management, and information security incident management. Certified Information Security Manager certification is ideal for professionals who want to advance their careers in the field of information security management and take on leadership roles.


NEW QUESTION # 172
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

  • A. The methodology used must be consistent across the organization.
  • B. The methodology must be approved by the chief executive officer.
  • C. Risk assessments must be conducted by certified staff.
  • D. Risk assessments must be reviewed annually.

Answer: A


NEW QUESTION # 173
Which of the following would MOST likely require a business continuity plan to be invoked?

  • A. A hacker holding personally identifiable information hostage
  • B. A distributed denial of service attack on an e-mail server
  • C. An unauthorized visitor discovered in the data center
  • D. An epidemic preventing staff from performing job functions

Answer: B


NEW QUESTION # 174
Which of the following would be MOST useful when illustrating to senior management the status of a recently implemented information security governance framework?

  • A. Periodic testing results
  • B. A threat assessment
  • C. A risk assessment
  • D. A maturity model

Answer: A


NEW QUESTION # 175
The MOST important objective of security awareness training for business staff is to:

  • A. understand intrusion methods.
  • B. increase compliance.
  • C. modify behavior.
  • D. reduce negative audit findings.

Answer: C


NEW QUESTION # 176
From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often related to:

  • A. encryption tools and personal data.
  • B. website transactions and taxation.
  • C. lack of competition and free trade.
  • D. software patches and corporate data.

Answer: B


NEW QUESTION # 177
Which of the following features of a library control software package would protect against unauthorized updating of source code?

  • A. Release-to-release comparison of source code
  • B. Date and time stamping of source and object code
  • C. Required approvals at each life cycle step
  • D. Access controls for source libraries

Answer: D

Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 178
Mitigating technology risks to acceptable levels should be based PRIMARILY upon:

  • A. business process reengineering.
  • B. business process requirement.
  • C. information security budget.
  • D. legal and regulatory requirements.

Answer: B


NEW QUESTION # 179
Who can BEST approve plans to implement an information security governance framework?

  • A. Internal auditor
  • B. Information security management
  • C. Steering committee
  • D. Infrastructure management

Answer: C

Explanation:
Senior management that is part of the security steering committee is in the best position to approve plans to implement an information security governance framework. An internal auditor is secondary to the authority and influence of senior management. Information security management should not have the authority to approve the security governance framework. Infrastructure management will not be in the best position since it focuses more on the technologies than on the business.


NEW QUESTION # 180
When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?

  • A. Cost of achieving control objectives
  • B. Number of controls
  • C. Effectiveness of controls
  • D. Test results of controls

Answer: A

Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
Comparison of cost of achievement of control objectives and corresponding value of assets sought to be protected would provide a sound basis for the information security manager to measure value delivery. Number of controls has no correlation with the value of assets unless the effectiveness of the controls and their cost are also evaluated. Effectiveness of controls has no correlation with the value of assets unless their costs are also evaluated. Test results of controls have no correlation with the value of assets unless the effectiveness of the controls and their cost are also evaluated.


NEW QUESTION # 181
Which of the following activities is used to determine the effect of a disruptive event?

  • A. Business impact analysis (BIA)
  • B. Maximum tolerable downtime assessment
  • C. Incident impact analysis
  • D. Recovery time objective (RTO) analysis

Answer: C

Section: INCIDENT MANAGEMENT AND RESPONSE


NEW QUESTION # 182
Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of the new security governance framework?

  • A. Executive leadership becomes involved in decisions about information security governance.
  • B. Information security management does not fully accept the responsibility for information security governance.
  • C. Executive leadership views information security governance

Answer: C


NEW QUESTION # 183
An information security manager has been alerted to a possible incident involving a breach at one of the organization's vendors. Which of the following should be done FIRST?

  • A. Discontinue the relationship with the vendor.
  • B. Perform incident eradication.
  • C. Perform incident recovery.
  • D. Engage the incident response team.

Answer: D

Section: INCIDENT MANAGEMENT AND RESPONSE


NEW QUESTION # 184
A PRIMARY purpose of creating security policies is to:

  • A. define allowable security boundaries.
  • B. implement management's governance strategy.
  • C. communicate management's security expectations.
  • D. establish the way security tasks should be executed.

Answer: D


NEW QUESTION # 185
Which of the following is the MOST important to ensure a successful recovery?

  • A. Recovery location is secure and accessible
  • B. Network alternate links are regularly tested
  • C. Backup media is stored offsite
  • D. More than one hot site is available

Answer: C

Explanation:
Unless backup media are available, all other preparations become meaningless. Recovery site location and security are important, but would not prevent recovery in a disaster situation. Having a secondary hot site is also important, but not as important as having backup media available. Similarly, alternate data communication lines should be tested regularly and successfully but, again, this is not as critical.


NEW QUESTION # 186
An information security manager has identified multiple areas of compliance risk that could subject the organization to significant penalties regarding the handling of personal data. Which of the following is the manager's BEST course of action?

  • A. Seek human resources advice to make appropriate changes to the information security policy.
  • B. Immediately update the information security policy to address protection of personal data.
  • C. Prioritize the risk and present it to senior management.
  • D. Implement information masking controls to hide personal data.

Answer: C


NEW QUESTION # 187
Successful implementation of information security governance will FIRST require:

  • A. a computer incident management team.
  • B. updated security policies.
  • C. security awareness training.
  • D. a security architecture.

Answer: B

Explanation:
Updated security policies are required to align management objectives with security procedures; management objectives translate into policy, policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.


NEW QUESTION # 188
Which of the following would be MOST useful to help senior management understand the status of information security compliance?

  • A. Key performance indicators (KPIs)
  • B. Risk assessment results
  • C. Business impact analysis (BIA) results
  • D. Industry benchmarks

Answer: A

Section: INFORMATION SECURITY GOVERNANCE


NEW QUESTION # 189
Which of the following is the MOST important consideration when updating procedures for managing security devices?

  • A. Review and approval of procedures by management
  • B. Updates based on changes in risk, technology, and process
  • C. Notification to management of the procedural changes
  • D. Updates based on the organization's security framework

Answer: D


NEW QUESTION # 190
To implement effective continuous monitoring of IT controls, an information security manager needs to FIRST ensure:

  • A. information assets have been classified.
  • B. periodic scanning of IT systems is in place.
  • C. metrics are communicated to senior management.
  • D. security alerts are centralized.

Answer: A


NEW QUESTION # 191
Which of the following is the PRIMARY objective of an incident response plan?

  • A. To communicate escalation procedures
  • B. To minimize business disruption
  • C. To define roles and responsibilities
  • D. To establish appropriate service level agreements (SLAs)

Answer: B


NEW QUESTION # 192
The systems administrator did not immediately notify the security officer about a malicious attack. An information security manager could prevent this situation by:

  • A. establishing mandatory training of all personnel.
  • B. regularly testing the intrusion detection system (IDS).
  • C. periodically reviewing incident response procedures.
  • D. periodically testing the incident response plans.

Answer: D

Explanation:
Security incident response plans should be tested to find any deficiencies and improve existing processes. Testing the intrusion detection system (IDS) is a good practice but would not have prevented this situation. All personnel need to go through formal training to ensure that they understand the process, tools and methodology involved in handling security incidents. However, testing of the actual plans is more effective in ensuring the process works as intended. Reviewing the response procedures is not enough; the security response plan needs to be tested on a regular basis.


NEW QUESTION # 193
Which of the following needs to be established between an IT service provider and its clients to BEST enable adequate continuity of service in preparation for an outage?

  • A. Server maintenance plans
  • B. Data retention policies
  • C. Reciprocal site agreement
  • D. Recovery time objectives (RTOs)

Answer: D


NEW QUESTION # 194
Which of the following would be the MOST important goal of an information security governance program?

  • A. Effective involvement in business decision making
  • B. Ensuring trust in data
  • C. Total elimination of risk factors
  • D. Review of internal control mechanisms

Answer: B

Explanation:
The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance. Review of internal control mechanisms relates more to auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement in business decision making implies that security needs dictate business needs when, in fact, just the opposite is true. Involvement in decision making is important only to ensure business data integrity so that data can be trusted.


NEW QUESTION # 195
Which of the following is the PRIMARY responsibility of an information security governance committee?

  • A. Reviewing monthly information security metrics
  • B. Reviewing the information security risk register
  • C. Approving changes to the information security strategy
  • D. Discussing upcoming information security projects

Answer: C


NEW QUESTION # 196
The MAIN goal of an information security strategic plan is to:

  • A. establish security governance.
  • B. protect information assets and resources.
  • C. develop a risk assessment plan.
  • D. develop a data protection plan.

Answer: B

Explanation:
The main goal of an information security strategic plan is to protect information assets and resources. Developing a risk assessment plan and a data protection plan, and establishing security governance, refer to tools utilized in the security strategic plan that achieve the protection of information assets and resources.


NEW QUESTION # 197
......


ISACA CISM (Certified Information Security Manager) Certification Exam is a globally recognized certification that validates the expertise of information security professionals in managing, designing, and assessing an organization's information security programs. The CISM certification is designed for professionals who are responsible for information security management, such as information security managers, information security officers, and IT security consultants. Certified Information Security Manager certification is issued by ISACA, a leading global professional association that provides knowledge, certifications, and community for information systems professionals.


Truly Beneficial For Your ISACA Exam: https://www.actualtestsit.com/ISACA/CISM-exam-prep-dumps.html

Download ISACA CISM Sample Questions: https://drive.google.com/open?id=12dbFT21tXS7UB9qrzPCbl97IzDt5PPEp