
Isaca CISM Practice Test - Questions Answers, Page 34


List of questions

Question 331

A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:

A. require that the change be reversed
B. review the change management process
C. perform an analysis of the change
D. report the event to senior management
Suggested answer: C
Explanation:

Performing an analysis of the change is the first step in addressing the issue of an IT employee making a change to a firewall rule outside of the change control process because it helps to understand the reason, impact, and risk of the change and to decide whether to approve, reject, or reverse it. Requiring that the change be reversed is not the first step because it may cause more disruption or damage without proper analysis and testing. Reviewing the change management process is not the first step because it does not address the specific issue or incident at hand, but rather focuses on improving the process for future changes. Reporting the event to senior management is not the first step because it does not resolve the issue or incident, but rather escalates it without sufficient information or recommendation.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/change-management-in-the-age-of-digital-transformation https://www.isaca.org/resources/isaca-journal/issues/

Asked 01/10/2024 by tho nguyen

Question 332

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

A. Security risk assessments
B. Lessons learned analysis
C. Information security audits
D. Key performance indicators (KPIs)
Suggested answer: B
Explanation:

Lessons learned analysis is the best way to enable an organization to enhance its incident response plan processes and procedures because it helps to identify the strengths and weaknesses of the current plan, capture the feedback and recommendations from the incident responders and stakeholders, and implement the necessary improvements and corrective actions for future incidents. Security risk assessments are not directly related to enhancing the incident response plan, but rather to identifying and evaluating the security risks and controls of the organization. Information security audits are not directly related to enhancing the incident response plan, but rather to verifying and validating the compliance and effectiveness of the security policies and standards of the organization. Key performance indicators (KPIs) are not directly related to enhancing the incident response plan, but rather to measuring and reporting the performance and progress of the security objectives and initiatives of the organization.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-5/incident-response-lessons-learned https://www.isaca.org/resources/isaca-journal/issues/2017/volume-1/security-risk-assessment-for-a-cloud-based-enterprise-resource-planning-system https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/how-to-measure-the-effectiveness-of-information-security-using-iso-27004 https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiveness-of-your-information-security-management-system

Asked 01/10/2024 by Richard Fedele

Question 333

For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:

A. consistent security
B. comprehensive audits
C. a security-aware culture
D. compliance with policy
Suggested answer: A
Explanation:

Consistent security is the primary reason for integrating the various assurance functions of an organization for the information security manager because it ensures that the security policies and standards are applied uniformly and effectively across different domains, processes, and systems of the organization. Comprehensive audits are not the primary reason for integrating the various assurance functions, but rather a possible outcome or benefit of doing so. A security-aware culture is not the primary reason for integrating the various assurance functions, but rather a desirable state or goal of the organization. Compliance with policy is not the primary reason for integrating the various assurance functions, but rather a basic requirement or expectation of the organization.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/integrating-assurance-functions https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiveness-of-your-information-security-management-system

Asked 01/10/2024 by brandon landaal

Question 334

Which of the following BEST facilitates effective strategic alignment of security initiatives?

A. The business strategy is periodically updated.
B. Procedures and standards are approved by department heads.
C. Periodic security audits are conducted by a third party.
D. Organizational units contribute to and agree on priorities.
Suggested answer: D
Explanation:

Having organizational units contribute to and agree on priorities is the best way to facilitate effective strategic alignment of security initiatives because it ensures that the security initiatives are aligned with the business goals and objectives, supported by the relevant stakeholders, and prioritized based on risk and value. Periodically updating the business strategy is not sufficient because it does not by itself involve collaboration or communication between the different organizational units. Having procedures and standards approved by department heads is not sufficient because approval at that level does not reflect the strategic direction or vision of the organization as a whole. Periodic security audits by a third party are not sufficient because they assess what has been implemented but do not address the planning or prioritization of security initiatives.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-2/how-to-align-security-initiatives-with-business-goals-and-objectives https://www.isaca.org/resources/isaca-journal/issues/2015/volume-1/how-to-measure-the-effectiveness-of-information-security-governance

Asked 01/10/2024 by Martin White

Question 335

Which of the following is MOST important for the effective implementation of an information security governance program?

A. Employees receive customized information security training.
B. The program budget is approved and monitored by senior management.
C. The program goals are communicated and understood by the organization.
D. Information security roles and responsibilities are documented.
Suggested answer: C
Explanation:

Ensuring that the program goals are communicated and understood by the organization is the most important factor for the effective implementation of an information security governance program because it ensures that the program is aligned with the business objectives and supported by the stakeholders. Customized information security training for employees is not the most important factor, but rather a means to achieve the program goals and raise awareness among staff. A program budget approved and monitored by senior management is not the most important factor, but rather a resource that enables the program's activities and a way to measure its performance. Documented information security roles and responsibilities are not the most important factor, but rather a way to define and assign the program's tasks and accountabilities.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2015/volume-1/how-to-measure-the-effectiveness-of-information-security-governance https://www.isaca.org/resources/isaca-journal/issues/2016/volume-2/how-to-align-security-initiatives-with-business-goals-and-objectives

Asked 01/10/2024 by stefano nicoletti

Question 336

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

A. The information security manager
B. The service provider that hosts the data
C. The incident response team
D. The business data owner
Suggested answer: D
Explanation:

The business data owner is accountable for data loss in the event of an information security incident at a third-party provider because they are ultimately responsible for the protection and use of their data, regardless of where it is stored or processed. The information security manager is not accountable for data loss at a third-party provider, but rather responsible for implementing and enforcing the security policies and standards that govern the relationship with the provider. The service provider that hosts the data is not accountable for data loss at their site, but rather liable for any breach of contract or service level agreement that may result from such an incident. The incident response team is not accountable for data loss at a third-party provider, but rather responsible for responding to and managing the incident according to the incident response plan.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-1/data-ownership-and-custodianship-in-the-cloud https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/incident-response-lessons-learned

Asked 01/10/2024 by Steve Daniels

Question 337

Senior management has expressed concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. Which of the following BEST indicates that the information security manager has tuned the system to address this concern?

A. Increasing false negatives
B. Decreasing false negatives
C. Decreasing false positives
D. Increasing false positives
Suggested answer: C
Explanation:

Decreasing false positives is the best indicator that the information security manager has tuned the system to address senior management's concern that the organization's intrusion prevention system (IPS) may repeatedly disrupt business operations. False positives are alerts generated by the IPS when it mistakenly blocks legitimate traffic or activity, causing disruption or downtime. Decreasing false positives means that the IPS has been configured to reduce such errors and minimize unnecessary interruptions. Increasing false negatives is not a good indicator because it means that the IPS has failed to detect or block malicious traffic or activity, increasing the risk of compromise or damage. Decreasing false negatives is not a good indicator because it does not affect business operations, but rather improves security detection or prevention. Increasing false positives is not a good indicator because it means that the IPS has increased its errors and interruptions, worsening senior management's concern.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/the-value-of-penetration-testing https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/security-scanning-versus-penetration-testing

Asked 01/10/2024 by Rodolfo Ponce

Question 338

Which of the following BEST describes a buffer overflow?

A. A function is carried out with more data than the function can handle
B. A program contains a hidden and unintended function that presents a security risk
C. Malicious code designed to interfere with normal operations
D. A type of covert channel that captures data
Suggested answer: A
Explanation:

A buffer overflow is a software coding error or vulnerability that occurs when a function is carried out with more data than the function can handle, resulting in adjacent memory locations being overwritten or corrupted by the excess data [1]. A program that contains a hidden and unintended function that presents a security risk is not a buffer overflow, but rather a backdoor [2]. Malicious code designed to interfere with normal operations is not a buffer overflow, but rather malware [3]. A type of covert channel that captures data is not a buffer overflow, but rather a keylogger [4].

Reference: [1] https://www.fortinet.com/resources/cyberglossary/buffer-overflow [2] https://www.fortinet.com/resources/cyberglossary/backdoor [3] https://www.fortinet.com/resources/cyberglossary/malware [4] https://www.fortinet.com/resources/cyberglossary/keylogger

Asked 01/10/2024 by Steven Reyes

Question 339

Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

A. A validation of the current firewall rule set
B. A port scan of the firewall from an internal source
C. A ping test from an external source
D. A simulated denial of service (DoS) attack against the firewall
Suggested answer: A
Explanation:

A validation of the current firewall rule set is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense because it verifies that the firewall rules are consistent, accurate, and effective in allowing or blocking traffic according to the security policies and standards of the organization. A port scan of the firewall from an internal source is not a good method because it does not test the firewall's behavior from an external perspective, which is more relevant for perimeter defense. A ping test from an external source is not a good method because it only tests the firewall's availability and responsiveness, not its security or functionality. A simulated denial of service (DoS) attack against the firewall is not a good method because it only tests the firewall's resilience and performance under high traffic load, not its security or functionality.

Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/technical-security-standards-for-information-systems https://www.isaca.org/resources/isaca-journal/issues/2017/volume-2/the-value-of-penetration-testing https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/security-scanning-versus-penetration-testing

Asked 01/10/2024 by Gabriel Pereira Dias

Question 340

Which of the following BEST enables an organization to maintain legally admissible evidence?

A. Documented processes around forensic records retention
B. Robust legal framework with notes of legal actions
C. Chain of custody forms with points of contact
D. Forensic personnel training that includes technical actions
Suggested answer: C
Explanation:

Chain of custody forms with points of contact are the best way to enable an organization to maintain legally admissible evidence because they document the sequence of control, transfer, and analysis of the evidence, every person who handled it, the dates and times, and the purpose of each action [1]. They also ensure the authenticity and integrity of the evidence and prevent tampering or loss [1]. Documented processes around forensic records retention are not sufficient to maintain legally admissible evidence because they do not track or verify the handling of the evidence. A robust legal framework with notes of legal actions is not sufficient because it does not record or validate the preservation of the evidence. Forensic personnel training that includes technical actions is not sufficient because it does not account for or certify the custody of the evidence.

Reference: [1] https://www.researchgate.net/publication/326079761_Digital_Chain_of_Custody

Asked 01/10/2024 by bryan calderon