ISACA CISM Real Exam Questions Test Engine Dumps Training With 417 Questions [Q201-Q225]


NEW QUESTION # 201
An information security manager is evaluating the key risk indicators (KRIs) for an organization's information security program. Which of the following would be the information security manager's GREATEST concern?

  • A. Undefined thresholds to trigger alerts
  • B. Use of qualitative measures
  • C. Lack of formal KRI approval from IT management
  • D. Multiple KRIs for a single control process

Answer: A


NEW QUESTION # 202
Which of the following is the PRIMARY purpose of establishing an information security governance framework?

  • A. To minimize security risks
  • B. To proactively address security objectives
  • C. To enhance business continuity planning
  • D. To reduce security audit issues

Answer: B


NEW QUESTION # 203
Which of the following is MOST important to include in an information security policy?

  • A. Best practices
  • B. Baselines
  • C. Maturity levels
  • D. Management objectives

Answer: D

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 204
The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

  • A. verify the decision with the business units.
  • B. request an audit review.
  • C. check the system's risk analysis.
  • D. recommend update after post implementation review.

Answer: A

Explanation:
Verifying the decision with the business units is the correct answer because it is not the IT function's responsibility to decide whether a new application modifies business processes. Checking the system's risk analysis does not consider the change introduced by the application. Requesting an audit review or recommending an update after the post-implementation review both delay the update.


NEW QUESTION # 205
Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?

  • A. Ability to manage a diverse group of individuals and resources across an organization
  • B. Knowledge of information technology platforms, networks and development methodologies
  • C. Knowledge of the regulatory environment and project management techniques
  • D. Ability to understand and map organizational needs to security technologies

Answer: D

Explanation:
Information security will be properly aligned with the goals of the business only with the ability to understand and map organizational needs to enable security technologies. All of the other choices are important but secondary to meeting business security needs.


NEW QUESTION # 206
An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST?

  • A. Application owners
  • B. Security operations team
  • C. Data owners
  • D. Communications department

Answer: B

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 207
A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:

  • A. when multiple sessions with the same application ID collide, the database locks up.
  • B. the database becomes unavailable if the password of the application ID expires.
  • C. an incident involving unauthorized access to data cannot be tied to a specific user.
  • D. users can gain direct access to the application ID and circumvent data controls.

Answer: C

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 208
Which of the following is generally considered a fundamental component of an information security program?

  • A. Intrusion prevention systems (IPSs)
  • B. Security awareness training
  • C. Automated access provisioning
  • D. Role-based access control systems

Answer: B

Explanation:
Without security awareness training, many components of the security program may not be effectively implemented. The other options may or may not be necessary, but they are discretionary.


NEW QUESTION # 209
Which of the following presents the GREATEST exposure to internal attack on a network?

  • A. User passwords are not automatically expired
  • B. All network traffic goes through a single switch
  • C. User passwords are encoded but not encrypted
  • D. All users reside on a single internal subnet

Answer: C

Explanation:
When passwords are sent over the internal network in an encoded format, they can easily be converted to clear text. All passwords should be encrypted to provide adequate security. Not automatically expiring user passwords does create an exposure, but not as great as having unencrypted passwords. Using a single switch or subnet does not present a significant exposure.


NEW QUESTION # 210
Which of the following is an example of a corrective control?

  • A. Diverting incoming traffic upon responding to the denial of service (DoS) attack
  • B. Examining inbound network traffic for viruses
  • C. Filtering network traffic before entering an internal network from outside
  • D. Logging inbound network traffic

Answer: A

Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
Diverting incoming traffic corrects the situation and, therefore, is a corrective control. Filtering network traffic before it enters the internal network is a preventive control. Examining inbound traffic for viruses and logging inbound traffic are detective controls.


NEW QUESTION # 211
Which of the following should be done FIRST when implementing a security program?

  • A. Create an information asset inventory.
  • B. Determine the value of information assets.
  • C. Perform a risk analysis
  • D. Implement data encryption.

Answer: C

Explanation:
Performing a risk analysis is the first step when implementing a security program because it identifies and prioritizes the threats and vulnerabilities that may affect the organization's assets, processes, or objectives, and determines their impact and likelihood. Implementing data encryption is not the first step, but a possible subsequent step that applies a specific security control to protect data from unauthorized access or modification. Creating an information asset inventory is not the first step, but a possible subsequent step that identifies and classifies the organization's assets based on their value and sensitivity. Determining the value of information assets is not the first step, but a possible subsequent step that estimates and quantifies the worth of information assets to the organization.
Reference: https://www.isaca.org/resources/isaca-journal/issues/2015/volume-6/measuring-the-value-of-information-security-investments and https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiveness-of-your-information-security-management-system


NEW QUESTION # 212
An information security manager is advised by contacts in law enforcement that there is evidence that his/her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to:

  • A. immediately advise senior management of the elevated risk.
  • B. increase monitoring activities to provide early detection of intrusion.
  • C. initiate awareness training to counter social engineering.
  • D. perform a comprehensive assessment of the organization's exposure to the hacker's techniques.

Answer: A

Explanation:
Information about possible significant new risks from credible sources should be provided to management along with advice on steps that need to be taken to counter the threat. The security manager should assess the risk, but senior management should be immediately advised. It may be prudent to initiate an awareness campaign subsequent to sounding the alarm if awareness training is not current. Monitoring activities should also be increased.


NEW QUESTION # 213
The PRIMARY reason for using information security metrics is to:

  • A. achieve senior management commitment.
  • B. ensure alignment with corporate requirements.
  • C. monitor the effectiveness of controls.
  • D. adhere to legal and regulatory requirements.

Answer: C

Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT


NEW QUESTION # 214
The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?

  • A. Re-evaluate the risk
  • B. Implement compensating controls
  • C. Ask the business owner for the new remediation plan
  • D. Inform senior management

Answer: A

Explanation:
The first step when a new vulnerability is identified is to re-evaluate the risk associated with it, determining its impact and likelihood. This may require an update to the risk assessment and the implementation of additional controls. Informing senior management of the vulnerability is important, but should not be the first step. Implementing compensating controls may also be necessary, but again, should not be the first step. Asking the business owner for a remediation plan may be useful, but only after the risk has been re-evaluated. The other choices are possible actions, but not necessarily the first one.
A vulnerability is a weakness that can be exploited by an attacker to compromise a system or network. A vulnerability can affect key data processing systems within an organization if it exposes sensitive information, disrupts business operations, or damages assets. A vulnerability assessment is a process of identifying and evaluating vulnerabilities and their potential consequences.


NEW QUESTION # 215
When developing a classification method for incidents, the categories MUST be:

  • A. regularly reviewed.
  • B. quantitatively defined.
  • C. assigned to incident handlers.
  • D. specific to situations.

Answer: B


NEW QUESTION # 216
Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

  • A. are compatible with the provider's own classification.
  • B. are communicated to the provider.
  • C. are stated in the contract.
  • D. exceed those of the outsourcer.

Answer: C

Explanation:
The most effective mechanism to ensure that the organization's security standards are met by a third party is a legal agreement. The other choices are acceptable options, but not as comprehensive or as binding as a legal contract.


NEW QUESTION # 217
Which of the following is the BEST way for an organization to determine the maturity level of its information security program?

  • A. Track the trending of information security incidents.
  • B. Benchmark the information security policy against industry standards.
  • C. Review the results of information security awareness testing
  • D. Validate the effectiveness of implemented security controls.

Answer: D


NEW QUESTION # 218
A security manager meeting the requirements for the international flow of personal data will need to ensure:

  • A. subject access procedures.
  • B. a data protection registration.
  • C. the agreement of the data subjects.
  • D. a data processing agreement.

Answer: C

Explanation:
Whenever personal data are transferred across national boundaries, the awareness and agreement of the data subjects are required. Choices A, B and D are supplementary data protection requirements that are not key for international data transfer.


NEW QUESTION # 219
Which of the following is MOST important to the success of an information security program?

  • A. Senior management sponsorship
  • B. Adequate start-up budget and staffing
  • C. Achievable goals and objectives
  • D. Security awareness training

Answer: A

Explanation:
Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Sufficient senior management support is the most important factor for the success of an information security program. Security awareness training, although important, is secondary. Achievable goals and objectives as well as adequate budgeting and staffing are important factors, but they will not ensure success if senior management support is not present.


NEW QUESTION # 220
An organization's information security manager has been asked to hire a consultant to help assess the maturity level of the organization's information security management. The MOST important element of the request for proposal (RFP) is the:

  • A. sample deliverable.
  • B. past experience of the engagement team.
  • C. references from other organizations.
  • D. methodology used in the assessment.

Answer: D

Explanation:
Methodology illustrates the process and forms the basis for aligning expectations with the execution of the assessment. It also provides a picture of what is required of all parties involved in the assessment. References from other organizations are important, but not as important as the methodology used in the assessment. Past experience of the engagement team is not as important as the methodology used. Sample deliverables only show how the assessment is presented, not the process.


NEW QUESTION # 221
What would be the MOST significant security risk when using wireless local area network (LAN) technology?

  • A. Man-in-the-middle attack
  • B. Rogue access point
  • C. Session hijacking
  • D. Spoofing of data packets

Answer: B

Explanation:
A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored. None of the other choices depend on the use of wireless local area network (LAN) technology.


NEW QUESTION # 222
Which of the following has the MOST influence on the inherent risk of an information asset?

  • A. Business criticality
  • B. Risk tolerance
  • C. Net present value (NPV)
  • D. Return on investment (ROI)

Answer: A

Explanation:
Business criticality is the degree to which an asset is essential to the success of the business and the extent to which its loss or compromise could have a significant impact on the business. Business criticality is one of the main factors that help to determine the inherent risk of an asset, as assets that are more critical to the business tend to have a higher inherent risk.


NEW QUESTION # 223
An unauthorized user gained access to a merchant's database server and customer credit card information.
Which of the following would be the FIRST step to preserve and protect unauthorized intrusion activities?

  • A. Isolate the server from the network.
  • B. Duplicate the hard disk of the server immediately.
  • C. Copy the database log file to a protected server.
  • D. Shut down and power off the server.

Answer: A

Explanation:
Isolating the server will prevent further intrusions and protect evidence of intrusion activities left in memory and on the hard drive. Some intrusion activities left in virtual memory may be lost if the system is shut down. Duplicating the hard disk will only preserve the evidence on the hard disk, not the evidence in virtual memory, and will not prevent further unauthorized access attempts. Copying the database log file to a protected server will not provide sufficient evidence should the organization choose to pursue legal recourse.


NEW QUESTION # 224
An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?

  • A. Perform regular audits on the implementation of critical patches.
  • B. Assess the patch management process
  • C. Evaluate patch management training.
  • D. Monitor and notify IT staff of critical patches

Answer: A

