A business unit uses e-commerce with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
A. Change the password policy to...

Which of the following is the BEST way to demonstrate to senior management that organizational security practices comply with industry standards?
A. Existence of an industry-accepted framework
B. Up-to-date policy and procedures documentation
C. A report on the maturity of controls
D. Results of an independent assessment
Answer: D

A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:
A. generating hash output that is the same size as the original message,
B. requiring the recipient to use a different hash algorithm,
C. ...

Which of the following BEST enables an effective escalation process within an incident response program?
A. Dedicated funding for incident management
B. Adequate incident response staffing
C. Monitored program metrics
D. Defined incident thresholds
Answer: D

During which phase of an incident response process should corrective actions to the response procedure be considered and implemented?
A. Review
B. Identification
C. Eradication
D. Containment
Answer: A

The PRIMARY purpose of asset valuation for the management of information security is to:
A. prioritize risk management activities.
B. provide a basis for asset classification.
C. determine the value of each asset.
D. eliminate the least significant assets.
Answer: A

An information security manager is concerned that executive management does not su the following is the BEST way to address this situation?
A. Revise the information security strategy to meet executive management expectations.
B. Escalate noncompliance concerns to the internal audit manager.
C. Report the risk and status of the...

When using a newly implemented security information and event management (SIEM) infrastructure, which of the following should be considered FIRST?
A. Encryption
B. Retention
C. Report distribution
D. Tuning
Answer: D

Which of the following is the BEST way to improve the timely reporting of information security incidents?
A. Perform periodic simulations with the incident response team.
B. Regularly reassess and update the incident response plan.
C. Integrate an intrusion detection system (IDS) in the DMZ.
D. Incorporate security procedures in...

The PRIMARY benefit of integrating information security activities into change management processes is to:
A. provide greater accountability for security-related changes in the business.
B. protect the organization from unauthorized changes.
C. protect the business from collusion and compliance threats.
D. ensure required controls are included in changes.
Answer: B