Minimum standards for securing the technical infrastructure should be defined in a security:
A. strategy.
B. guidelines.
C. model.
D. architecture.
Answer: D
Explanation: Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services...

Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
A. Knowledge of information technology platforms, networks and development methodologies
B. Ability to understand and map organizational needs to security technologies
C. Knowledge of the regulatory environment and...

Which of the following are likely to be updated MOST frequently?
A. Procedures for hardening database servers
B. Standards for password length and complexity
C. Policies addressing information security governance
D. Standards for document retention and destruction
Answer: A
Explanation: Policies and standards should generally be more static and less...

Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Answer: B
Explanation: Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would...

To achieve effective strategic alignment of security initiatives, it is important that:
A. Steering committee leadership be selected by rotation.
B. Inputs be obtained and consensus achieved between the major organizational units.
C. The business strategy be updated periodically.
D. Procedures and standards be approved by all departmental heads.
Answer:...

Which of the following would be MOST effective in successfully implementing restrictive password policies?
A. Regular password audits
B. Single sign-on system
C. Security awareness program
D. Penalties for noncompliance
Answer: C
Explanation: To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the...

Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
Answer: D
Explanation: Senior...

Who is ultimately responsible for the organization's information?
A. Data custodian
B. Chief information security officer (CISO)
C. Board of directors
D. Chief information officer (CIO)
Answer: C
Explanation: The board of directors is ultimately responsible for the organization's information and is tasked with responding to issues that affect its...

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A. Chief security officer (CSO)
B. Chief operating officer (COO)
C. Chief privacy officer (CPO)
D. Chief legal counsel (CLC)
Answer: B
Explanation: The chief...

Which of the following is the MOST important factor when designing information security architecture?
A. Technical platform interfaces
B. Scalability of the network
C. Development methodologies
D. Stakeholder requirements
Answer: D
Explanation: The most important factor for information security is that it advances the interests of the business, as defined...