Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
A. The framework includes industry-recognized information security best practices.
B. The number of security incidents has significantly declined.
C. The business has obtained framework certification.
D. Objectives in...
Which of the following is the BEST method to defend against social engineering attacks?
A. Monitor for unauthorized access attempts and failed logins.
B. Employ the use of a web-content filtering solution.
C. Communicate guidelines to limit information posted to public sites.
D. Periodically perform antivirus scans to identify malware.
...
Which of the following is the information security manager's BEST course of action?
Due to budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA). Which of the following is the information security manager's BEST course of action?
A. Inform the legal department of the deficiency.
B. Analyze and report the issue to...
When developing a new application, which of the following is the BEST approach to ensure compliance with security requirements?
A. Provide security training for developers.
B. Prepare detailed acceptance criteria.
C. Adhere to change management processes.
D. Perform a security gap analysis.
Answer: A
Which of the following would present the GREATEST need to revise information security poll'
A. Implementation of a new firewall
B. An increase in reported incidents
C. A merger with a competing company
D. Changes in standards and procedures
Answer: C
Which of the following is an information security manager's BEST course of action to address a significant materialized risk that was not prevented by organizational controls?
A. Update the business impact analysis (BIA).
B. Update the risk register.
C. Perform root cause analysis.
D. Invoke the incident response plan.
Answer:...
Which of the following would be of GREATEST concern to an information security manager when evaluating a cloud service provider (CSP)?
A. Security controls offered by the provider are inadequate.
B. Service level agreements (SLAs) are not well defined.
C. Data retention policies may be violated.
D. There is no...
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
A. Average time to resolve an incident
B. Total number of reported incidents
C. Total number of incident responses
D. Average time to respond to an incident
Answer: A
Which of the following is the PRIMARY reason to invoke continuity and recovery plans?
A. To achieve service delivery objectives
B. To coordinate with senior management
C. To enforce service level agreements (SLAs)
D. To protect corporate networks
Answer: A
To gain a clear understanding of the impact that a new regulatory will have on an organization’s security control, an information manager should FIRST.
A. Conduct a risk assessment
B. Interview senior management
C. Perform a gap analysis
D. Conduct a cost-benefit analysis
Answer: C