Isaca CISM Practice Test - Questions Answers, Page 79


Which of the following is MOST important for an information security manager to consider when determining whether data should be stored?

A. Data protection regulations
B. Data storage limitations
C. Business requirements
D. Type and nature of data
Suggested answer: C

Which of the following is the MOST important characteristic of an effective information security metric?

A. The metric expresses residual risk relative to risk tolerance.
B. The metric is frequently reported to senior management.
C. The metric directly maps to an industry risk management framework.
D. The metric compares the organization's inherent risk against its risk appetite.
Suggested answer: A

Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?

A. Assess changes in the risk profile.
B. Activate the disaster recovery plan (DRP).
C. Invoke the incident response plan.
D. Conduct security awareness training.
Suggested answer: A

Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?

A. Align the standards with the organizational policy.
B. Align the standards with industry best practices.
C. Resolve the discrepancy before developing the standards.
D. Perform a cost-benefit analysis of aligning the standards to policy.
Suggested answer: C

Explanation:

The Information Security Manager's primary responsibility is to ensure that the organization's information assets are adequately protected. In this scenario, there is a conflict between the approved mobile access policy and industry best practices. Developing security standards based on a flawed policy could lead to significant security vulnerabilities.

Why the other options are not the best course of action:

A. Align the standards with the organizational policy: This would perpetuate the misalignment with best practices, potentially leaving the organization exposed to risks.

B. Align the standards with industry best practices: While this is ideal from a security perspective, it directly contradicts the approved policy, which could create operational and compliance issues.

D. Perform a cost-benefit analysis of aligning the standards to policy: A cost-benefit analysis might be useful at some point, but it does not address the fundamental issue of a policy that is not in line with best practices.

Key CISM Principles Reflected:

Alignment with Organizational Objectives: Security standards and policies should support and enable the organization's business objectives.

Risk Management: Identifying, assessing, and mitigating risks are essential elements of information security management.

Governance: Effective governance ensures that information security activities are aligned with the organization's strategies and objectives.

In summary: The Information Security Manager should proactively engage senior management to highlight the discrepancy between the approved policy and industry best practices. The goal is to revise the policy to ensure it adequately addresses security risks while supporting the organization's objectives. Once the policy is aligned with best practices, the security standards can be developed accordingly.

Which of the following metrics would provide an accurate measure of an information security program's performance?

A. A collection of qualitative indicators that accurately measure security exceptions
B. A combination of qualitative and quantitative trends that enable decision making
C. A collection of quantitative indicators that are compared against industry benchmarks
D. A single numeric score derived from various measures assigned to the security program
Suggested answer: A

Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?

A. To ensure separation of duties is maintained
B. To ensure system audit trails are not bypassed
C. To prevent accountability issues
D. To prevent unauthorized user access
Suggested answer: C

For event logs to be acceptable for incident investigation, which of the following is the MOST important consideration to establish chain of evidence?

A. Centralized logging
B. Time clock synchronization
C. Available forensic tools
D. Administrator log access
Suggested answer: B

Which of the following provides the BEST input to determine the level of protection needed for an IT system?

A. Vulnerability assessment
B. Asset classification
C. Threat analysis
D. Internal audit findings
Suggested answer: B

Identifying which of the following BEST enables a cyberattack to be contained?

A. The vulnerability exploited by the attack
B. The segment targeted by the attack
C. The IP address of the computer that launched the attack
D. The threat actor that initiated the attack
Suggested answer: B

Which of the following should be done FIRST when a SIEM flags a potential event?

A. Validate the event is not a false positive.
B. Initiate the incident response plan.
C. Escalate the event to the business owner.
D. Implement compensating controls.
Suggested answer: A

Explanation:

The first thing that should be done when a SIEM flags a potential event is A. Validate the event is not a false positive. This is because a false positive is an event that is incorrectly identified as malicious or suspicious by the SIEM, when in fact it is benign or normal. False positives can waste the time and resources of the security team, and reduce the trust and confidence in the SIEM system. Therefore, it is important to verify the accuracy and validity of the event before initiating any further actions, such as incident response, escalation, or compensating controls. Validation can be done by analyzing the event data, comparing it with the baseline or normal behavior, and checking for any anomalies or indicators of compromise.

Reference: CISM Review Manual 15th Edition, Chapter 4, Section 4.2.1, page 2091; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 72, page 19
