Which of the following would BEST assist an information security manager in gaining strategic support from executive management?
A. Risk analysis specific to the organization
B. Research on trends in global information security breaches
C. Rating of the organization's security, based on international standards
D. Annual report of security...

Which of the following will BEST protect an organization against spear phishing?
A. Antivirus software
B. Acceptable use policy
C. Email content filtering
D. End-user training
Answer: D

Which of the following is the MOST important consideration when determining the approach for gaining organization-wide acceptance of an information security plan?
A. Mature security policy
B. Information security roles and responsibilities
C. Organizational information security awareness
D. Organizational culture
Answer: D

A policy has been established requiring users to install mobile device management (MDM) software on their personal devices. Which of the following would BEST mitigate the risk created by noncompliance with this policy?
A. Disabling remote access from the mobile device
B. Requiring users to sign off on terms and...

Labeling information according to its security classification:
A. affects the consequences if information is handled insecurely
B. induces the number and type of countermeasures required
C. enhances the likelihood of people handling information securely
D. reduces the need to identify baseline controls for each classification.
Answer: B

Which of the following is the MOST important outcome from vulnerability scanning?
A. Prioritization of risks
B. Information about steps necessary to hack the system
C. Identification of back doors
D. Verification that systems are properly configured
Answer: C

Which of the following is the BEST way to increase the visibility of information security within an organization's culture?
A. Requiring cross-functional information security training
B. Implementing user awareness campaigns for the entire company
C. Publishing an acceptable use policy
D. Establishing security policies based on industry standards
Answer: B

Which of the following would contribute MOST to employees' understanding of data handling responsibilities?
A. Demonstrating support by senior management of the security program
B. Implementing a tailored security awareness training program
C. Requiring staff acknowledgement of security policies
D. Labeling documents according to appropriate security classification
Answer: B

As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?
A. Determine new factors that could influence the information security strategy.
B. Implement the current information security...

When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?
A. The security awareness programs
B. Firewall logs
C. The risk management processes
D. Post-incident analysis results
Answer: D