ExamGecko
Search Search Login
Home Home / Isaca / CISM
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
The PRIMARY goal of a post-incident review should be to:

Question 683 - CISM discussion

Report
Export

Which of the following is an information security manager's BEST course of action when a penetration test reveals a security exposure due to a firewall that is not configured correctly?

A.
Ensure a plan with milestones is developed.
Answers
A.
Ensure a plan with milestones is developed.
B.
Implement a distributed denial of service (DDoS) control.
Answers
B.
Implement a distributed denial of service (DDoS) control.
C.
Engage the incident response team.
Answers
C.
Engage the incident response team.
D.
Define new key performance indicators (KPIs).
Answers
D.
Define new key performance indicators (KPIs).
Suggested answer: A

Explanation:

A penetration test is a proactive way to identify and remediate security vulnerabilities in a network. When a penetration test reveals a security exposure due to a firewall that is not configured correctly, the information security manager's best course of action is to ensure a plan with milestones is developed to address the issue. This plan should include the root cause analysis, the corrective actions, the responsible parties, the deadlines, and the verification methods. This way, the information security manager can ensure that the security exposure is resolved in a timely and effective manner, and that the firewall configuration is aligned with the security policy and the business objectives.

Reference=

CISM Review Manual (Digital Version), page 193: ''The information security manager should ensure that a plan with milestones is developed to address the issues identified during the penetration test.''

How to configure a network firewall: Walkthrough: ''A good network firewall is essential. Learn the basics of configuring a network firewall, including stateful vs. stateless firewalls and access control lists in this episode of Cyber Work Applied.''

Which of the following is the BEST way to evaluate whether the information security program aligns with corporate governance?

A . Survey mid-level management.

B . Analyze industry benchmarks.

C . Conduct a gap analysis.

D . Review internal audit reports.

Show Answer
asked 01/10/2024
Tim Baas
42 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms