
Isaca CISM Practice Test - Questions Answers, Page 44


The effectiveness of an incident response team will be GREATEST when:

A. the incident response team meets on a regular basis to review log files.
B. the incident response team members are trained security personnel.
C. the incident response process is updated based on lessons learned.
D. incidents are identified using a security information and event monitoring (SIEM) system.

Suggested answer: C

Explanation:

The effectiveness of an incident response team will be greatest when the incident response process is updated based on lessons learned. This ensures that the team can continuously improve its performance and capabilities, and address any gaps or weaknesses identified during previous incidents. Updating the incident response process based on lessons learned also helps to align the process with the changing business and security environment, and to incorporate best practices and standards. Meeting on a regular basis to review log files, having trained security personnel as team members, and using a security information and event monitoring (SIEM) system are all important factors for an incident response team, but they are not sufficient to ensure the effectiveness of the team. Reviewing log files may help to detect and analyze incidents, but it does not guarantee that the team can respond appropriately and efficiently. Having trained security personnel may enhance the skills and knowledge of the team, but it does not ensure that the team can work collaboratively and communicate effectively. Using a SIEM system may facilitate the identification and prioritization of incidents, but it does not ensure that the team can follow the established procedures and protocols.

Reference: CISM Review Manual, 16th Edition, page 136; CISM Review Questions, Answers & Explanations Manual, 10th Edition, page 149

When determining an acceptable risk level, which of the following is the MOST important consideration?

A. Threat profiles
B. System criticalities
C. Vulnerability scores
D. Risk matrices

Suggested answer: C

Which of the following has the GREATEST impact on efforts to improve an organization's security posture?

A. Regular reporting to senior management
B. Supportive tone at the top regarding security
C. Automation of security controls
D. Well-documented security policies and procedures

Suggested answer: B

Explanation:

A supportive tone at the top regarding security has the greatest impact on efforts to improve an organization's security posture. This means that senior management should demonstrate their commitment and leadership to information security by setting clear goals, allocating adequate resources, communicating effectively, and rewarding good practices. A supportive tone at the top can also influence the culture and behavior of the organization, as well as foster trust and collaboration among stakeholders.

Reference: CISM Review Manual, 15th Edition, page 126; CISM Item Development Guide, page 8

Which of the following is the MOST effective way to detect security incidents?

A. Analyze recent security risk assessments.
B. Analyze security anomalies.
C. Analyze penetration test results.
D. Analyze vulnerability assessments.

Suggested answer: B

Explanation:

Analyzing security anomalies is the most effective way to detect security incidents, as it involves comparing the current state of the information system and network with the expected or normal state, and identifying any deviations or irregularities that may indicate a security breach or compromise. Security anomalies can be detected by using various tools and techniques, such as security information and event management (SIEM) systems, intrusion detection and prevention systems (IDS/IPS), log analysis, network traffic analysis, and behavioral analysis. (From CISM Review Manual, 15th Edition)

Which of the following will BEST enable an effective information asset classification process?

A. Including security requirements in the classification process
B. Analyzing audit findings
C. Reviewing the recovery time objective (RTO) requirements of the asset
D. Assigning ownership

Suggested answer: D

Explanation:

Assigning ownership is the best way to enable an effective information asset classification process, as it establishes the authority and responsibility for the information asset and its protection. The owner of the information asset should be involved in the classification process, as they have the best knowledge of the value, sensitivity, and criticality of the asset, as well as the impact of its loss or compromise. The owner should also ensure that the asset is properly labeled, handled, and secured according to its classification level. (From CISM Review Manual, 15th Edition)

Which of the following components of an information security risk assessment is MOST valuable to senior management?

A. Threat profile
B. Residual risk
C. Return on investment (ROI)
D. Mitigation actions

Suggested answer: B

Explanation:

Residual risk is the risk that remains after implementing risk mitigation actions. It is the most valuable component for senior management because it helps them to evaluate the effectiveness and efficiency of risk management and make informed decisions about risk acceptance, transfer, or avoidance.

Reference: CISM Review Manual, 16th Edition, Chapter 2, Section 2.3.4

Application data integrity risk is MOST directly addressed by a design that includes:

A. reconciliation routines such as checksums, hash totals, and record counts.
B. strict application of an authorized data dictionary.
C. application log requirements such as field-level audit trails and user activity logs.
D. access control technologies such as role-based entitlements.

Suggested answer: A

Explanation:

Reconciliation routines are methods to verify the integrity of data by comparing the input and output of a process or a system. They can detect errors, omissions, duplications, or unauthorized modifications of data. They are more directly related to data integrity than the other options, which are more concerned with data definition, logging, or access control.

Reference: CISM Review Manual, 16th Edition, Chapter 3, Section 3.4.2

When drafting the corporate privacy statement for a public website, which of the following MUST be included?

A. Limited liability clause
B. Explanation of information usage
C. Information encryption requirements
D. Access control requirements

Suggested answer: B

Explanation:

A privacy statement should inform the users of the website how their personal information will be collected, used, shared, and protected by the organization.

Reference: CISM Review Manual, 16th Edition, Chapter 4, Section 4.2.1.1

For which of the following is it MOST important that system administrators be restricted to read-only access?

A. User access log files
B. Administrator user profiles
C. Administrator log files
D. System logging options

Suggested answer: A

Explanation:

User access log files contain records of user activities and actions on the system, which can be used for auditing, monitoring, and investigation purposes. System administrators should not be able to modify or delete these files, in order to ensure their integrity and availability.

Reference: CISM Review Manual, 16th Edition, Chapter 3, Section 3.3.2.1

Which of the following BEST enables an organization to maintain an appropriate security control environment?

A. Alignment to an industry security framework
B. Budgetary support for security
C. Periodic employee security training
D. Monitoring of the threat landscape

Suggested answer: A

Explanation:

Alignment to an industry security framework ensures that the organization adopts best practices and standards for security control implementation and maintenance.

Reference: CISM Review Manual, 16th Edition, Domain 1: Information Security Governance, Chapter 1: Establish and Maintain an Information Security Strategy, Section: Information Security Frameworks
