CISM exam

Which of the following is the MOST important to keep in mind when assessing the value of information?A . The potential financial lossB . The cost of recreating the informationC . The cost of insurance coverageD . Regulatory requirementView AnswerAnswer: A Explanation: The potential for financial loss is always a...

An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management? A. Security metrics reports B. Risk assessment reports C. Business impact analysis (BIA) D. Return on security investment reportView AnswerAnswer: B...

How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?A . Give organization standards preference over local regulationsB . Follow local regulations onlyC . Make the organization aware of those standards where local regulations causes conflictsD . Negotiate a local...

When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?A . Compliance with international security standards.B . Use of a two-factor authentication system.C . Existence of...

Which of the following would be the MOST important goal of an information security governance program?A . Review of internal control mechanismsB . Effective involvement in business decision makingC . Total elimination of risk factorsD . Ensuring trust in dataView AnswerAnswer: D Explanation: The development of trust in the integrity...

Relationships among security technologies are BEST defined through which of the following?A . Security metricsB . Network topologyC . Security architectureD . Process improvement modelsView AnswerAnswer: C Explanation: Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain...

What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?A . Risk assessment reportB . Technical evaluation reportC . Business caseD . Budgetary requirementsView AnswerAnswer: C Explanation: The information security manager needs to prioritize the controls based on risk management and the requirements of the...

The MOST important component of a privacy policy is:A . notifications.B . warranties.C . liabilities.D . geographic coverage.View AnswerAnswer: A Explanation: Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more...

Who in an organization has the responsibility for classifying information?A . Data custodianB . Database administratorC . Information security officerD . Data ownerView AnswerAnswer: D Explanation: The data owner has full responsibility over data. The data custodian is responsible for securing the information. The database administrator carries out the technical...

Which of the following roles would represent a conflict of interest for an information security manager?A . Evaluation of third parties requesting connectivityB . Assessment of the adequacy of disaster recovery plansC . Final approval of information security policiesD . Monitoring adherence to physical security controlsView AnswerAnswer: C Explanation: Since...