The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?

Report findings to key stakeholders.

Recommend additional network segmentation.

Seek an independent opinion to confirm the findings.

Determine alignment with existing regulations.

Report findings to key stakeholders.

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

Ensure a plan with milestones is developed.

Implement a distributed denial of service (DDoS) control.

Engage the incident response team.

Define new key performance indicators (KPIs).

The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

realigns information security objectives to organizational strategy.

relates the investment to the organization's strategic plan.

translates information security policies and standards into business requirements.

articulates management's intent and information security directives in clear language.

realigns information security objectives to organizational strategy.

Which of the following presents the GREATEST challenge to a large multinational organization using an automated identity and access management (1AM) system?

Inaccurate workforce data from human resources (HR)

Staff turnover rates that significantly exceed industry averages

Large number of applications in the organization

Inaccurate workforce data from human resources (HR)

Frequent changes to user roles during employment

When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?

Ensure the incident response policy allows hiring a forensics firm.

Purchase forensic standard operating procedures.

Provide forensics training to the information security team.

Ensure the incident response policy allows hiring a forensics firm.

Retain a forensics firm prior to experiencing an incident.

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

The vendor's proposal aligns with the objectives of the organization.

The vendor's proposal allows for contract modification during technology refresh cycles.

The vendor's proposal aligns with the objectives of the organization.

The vendor's proposal requires the provider to have a business continuity plan (BCP).

The vendor's proposal allows for escrow in the event the third party goes out of business.

A software vendor has announced a zero-day vulnerability that exposes an organization's critical business systems. The vendor has released an emergency patch. Which of the following should be the information security managers PRIMARY concern?

Availability of resources to implement controls

Ability to test the patch prior to deployment

Documentation of patching procedures

Adequacy of the incident response plan

Availability of resources to implement controls

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

Create an information security steering committee.

Implement an information security awareness training program.

Create an information security steering committee.

A business unit recently integrated the organization's new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager's BEST course of action to address this situation?

Continue to enforce the policy.

Conduct a business impact analysis (BIA).

When building support for an information security program, which of the following elements is MOST important?

Identification of existing vulnerabilities

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator (DBA), and application administrator What is the manager's BEST course of action?

Implement monitoring of IT administrator activities.

Automate user provisioning activities.

Maintain strict control over user provisioning activities.

Formally document IT administrator activities.

Implement monitoring of IT administrator activities.

Which of the following is the BEST indicator of an emerging incident?

Customer complaints about lack of website availability

A weakness identified within an organization's information systems

Customer complaints about lack of website availability

A recent security incident at an industry competitor

Attempted patching of systems resulting in errors

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Availability of potential resources

To help users apply appropriate controls related to data privacy regulation, what is MOST important to communicate to the users?

Features of data protection products

Which of the following is the MOST effective way to address an organizations security concerns during contract negotiations with a third party?

Ensure security is involved in the procurement process.

Review the third-party contract with the organization's legal department.

Conduct an information security audit on the third-party vendor.

Communicate security policy with the third-party vendor.

A multinational organization is introducing a security governance framework. The information security manager's concern is that regional security practices differ. Which of the following should be evaluated FIRST?

Training requirements of the framework

A data loss prevention (DLP) tool has flagged personally identifiable information (Pll) during transmission. Which of the following should the information security manager do FIRST?

Validate the scope and impact with the business process owner.

Initiate the incident response plan.

Review and validate the rules within the DLP system.

Escalate the issue to senior management.

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

To determine the desired state of enterprise security

To ensure industry best practices for enterprise security are followed

To establish the minimum level of controls needed

To determine the desired state of enterprise security

To satisfy auditors' recommendations for enterprise security

Which of the following is the PRIMARY reason for executive management to be involved in establishing an enterprise's security management framework?

To determine the desired state of enterprise security

To ensure industry best practices for enterprise security are followed

To establish the minimum level of controls needed

To determine the desired state of enterprise security

To satisfy auditors' recommendations for enterprise security

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

Evaluate the impact to the business.

Notify the regulatory agency of the incident.

Evaluate the impact to the business.

Examine firewall logs to identify the attacker.

After logging in to a web application, additional authentication is checked at various application points. Which of the following is the PRIMARY reason for such an approach?

To ensure access rights meet classification requirements

To facilitate the analysis of application logs

To ensure web application availability

To support strong two-factor authentication protocols

Which of the following is a function of the information security steering committee?

Align security strategy with business objectives.

Deliver external communication during incident response.

Align the security framework with security standards.

Align security strategy with business objectives.

Monitor regulatory requirements.

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Review the current risk assessment.

Conduct ransomware awareness training for all staff.

Update indicators of compromise in the security systems.

Review the current risk assessment.

Which of the following metrics would BEST demonstrate the success of a newly implemented information security framework?

An increase in the number of compliant business processes

An increase in the number of identified security incidents

A decrease in the number of security audit findings

A decrease in the number of security policy exceptions

An increase in the number of compliant business processes

Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?

Understanding the impact on existing resources

Assessing how peer organizations using the same technologies have been impacted

Understanding the impact on existing resources

Reviewing vendor contracts and service level agreements (SLAs)

Developing training for end users to familiarize them with the new technology

An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?

Information security threat profile

Information security objectives

An organization's research department plans to apply machine learning algorithms on a large data set containing customer names and purchase history. The risk of personal data leakage is considered high impact. Which of the following is the BEST risk treatment option in this situation?

Mitigate the risk by applying anonymization on the data set.

Accept the risk, as the benefits exceed the potential consequences.

Mitigate the risk by applying anonymization on the data set.

Transfer the risk by purchasing insurance.

Mitigate the risk by encrypting the customer names in the data set.

The PRIMARY purpose of implementing information security governance metrics is to:

guide security towards the desired state.

measure alignment with best practices.

assess operational and program metrics.

guide security towards the desired state.

Which of the following is the MOST effective way to detect information security incidents?

Real-time monitoring of network activity

Implementation of regular security awareness programs

Periodic analysis of security event log records

Threshold settings on key risk indicators (KRIs)

Real-time monitoring of network activity

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

the integrity of evidence is preserved.

forensic investigation software is loaded on the server.

the incident is reported to senior management.

the server is unplugged from power.

Isaca CISM Practice Test 18 - Free Online Exam Prep & Questions

Which of the following should an information security manager do FIRST upon confirming a privileged user's unauthorized modifications to a security application?

Become a Premium Member for full access

Unlock Premium Member

Isaca CISM Practice Test 18

Question

Isaca CISM Practice Tests

Practice Tests