
Get Perfect Results with Premium CISM Dumps Updated 417 Questions
Free CISM Exam Study Guide for the NEW Dumps Test Engine
The CISM certification exam is a computer-based exam that consists of 150 multiple-choice questions. The CISM exam is divided into four domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Candidates have four hours to complete the exam, and a passing score of 450 out of 800 is required.
The Certified Information Security Manager (CISM) certification is a globally recognized professional certification designed for individuals who manage, design, oversee, and assess enterprise information security programs. The certification is offered by the Information Systems Audit and Control Association (ISACA), a non-profit organization that provides knowledge, standards, and certifications for information systems (IS) professionals. The CISM certification is intended to validate an individual’s expertise in information security management, and it is considered one of the most prestigious certifications in the field of information security.
NEW QUESTION # 99
Which of the following is the MOST important detail to capture in an organization's risk register?
- A. Risk appetite
- B. Risk ownership
- C. Risk severity level
- D. Risk acceptance criteria
Answer: B
Explanation:
Risk ownership is the most important detail to capture in an organization's risk register. Risk ownership is the responsibility for managing a risk, including taking corrective action, and should be assigned to a specific individual or team. It is important to note that the risk owner is not necessarily the same as the risk acceptor, who is the individual or team who makes the final decision to accept a risk. Capturing risk ownership in the risk register is important to ensure that risks are actively managed and that the responsible parties are held accountable.
NEW QUESTION # 100
When a significant security breach occurs, what should be reported FIRST to senior management?
- A. A business case for implementing stronger logical access controls
- B. An analysis of the impact of similar attacks at other organizations
- C. A summary of the security logs that illustrates the sequence of events
- D. An explanation of the incident and corrective action taken
Answer: D
Explanation:
When reporting an incident to senior management, the initial information to be communicated should include an explanation of what happened and how the breach was resolved. A summary of security logs would be too technical to report to senior management. An analysis of the impact of similar attacks and a business case for improving controls would be desirable; however, these would be communicated later in the process.
NEW QUESTION # 101
Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment?
- A. Operations
- B. Security
- C. User
- D. Database
Answer: C
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
As owners of the system, user management approval would be the most important. Although the signoffs of security, operations and database management may be appropriate, they are secondary to ensuring the new system meets the requirements of the business.
NEW QUESTION # 102
Which of the following is the FIRST task when determining an organization's information security profile?
- A. Build an asset inventory
- B. Establish security standards
- C. Complete a threat assessment
- D. List administrative privileges
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
NEW QUESTION # 103
The FIRST step to create an internal culture that focuses on information security is to:
- A. actively monitor operations.
- B. gain the endorsement of executive management.
- C. implement stronger controls.
- D. conduct periodic awareness training.
Answer: B
Explanation:
Endorsement of executive management in the form of policies provides direction and awareness. The implementation of stronger controls may lead to circumvention. Awareness training is important, but must be based on policies. Actively monitoring operations will not affect culture at all levels.
NEW QUESTION # 104
Which of the following is the MOST important component of information security governance?
- A. Approved Information security strategy
- B. Appropriate information security metrics
- C. Comprehensive information security awareness program
- D. Documented information security policies
Answer: B
NEW QUESTION # 105
Which of the following is the BEST reason to initiate a reassessment of current risk?
- A. Changes to security personnel
- B. A recent security incident
- C. Certification requirements
- D. Follow-up to an audit report
Answer: B
Explanation:
Section: INFORMATION RISK MANAGEMENT
NEW QUESTION # 106
For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices?
- A. Data loss prevention (DLP)
- B. Containerization solution
- C. Device certification process
- D. Acceptable use policy
Answer: B
NEW QUESTION # 107
In a large organization, which of the following is the BEST source for identifying ownership of a PC?
- A. Domain name server (DNS) records
- B. User ID register
- C. Identity management system
- D. Asset management register
Answer: D
NEW QUESTION # 108
Which of the following is the BEST approach to mitigate online brute-force attacks on user accounts?
- A. Implementation of lock-out policies
- B. User awareness
- C. Strong passwords that are changed periodically
- D. Passwords stored in encrypted form
Answer: A
Explanation:
Implementation of account lock-out policies significantly inhibits brute-force attacks. In cases where this is not possible, strong passwords that are changed periodically would be an appropriate choice. Passwords stored in encrypted form will not defeat an online brute-force attack if the password itself is easily guessed.
User awareness would help but is not the best approach of the options given.
NEW QUESTION # 109
Which of the following is MOST helpful to maintain cohesiveness within an organization's information security resource?
- A. Security gap analysis
- B. Business impact analysis
- C. Information security architecture
- D. Information security steering committee
Answer: C
NEW QUESTION # 110
An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
- A. Review data architecture.
- B. Include security requirements in the contract.
- C. Assess security controls.
- D. Perform a risk assessment.
Answer: D
Explanation:
The best approach to determine how to protect newly acquired data assets prior to integration is to perform a risk assessment. A risk assessment will identify the various threats and vulnerabilities associated with the data assets and help the organization develop an appropriate security strategy. This risk assessment should include an assessment of the security controls in place to protect the data, a review of the data architecture, and a review of any contractual requirements related to security.
NEW QUESTION # 111
Which of the following is the MOST effective method of preventing deliberate internal security breaches?
- A. Well-designed firewall system
- B. Biometric security access control
- C. Screening prospective employees
- D. Well-designed intrusion detection system (IDS)
Answer: A
Explanation:
Reference: https://www.techrepublic.com/article/strategies-for-preventing-internal-security-breaches-in-a-growing-business
NEW QUESTION # 112
When implementing security controls, an information security manager must PRIMARILY focus on:
- A. eliminating all vulnerabilities.
- B. certification from a third party.
- C. minimizing operational impacts.
- D. usage by similar organizations.
Answer: C
Explanation:
Section: INFORMATION RISK MANAGEMENT
Security controls must be compatible with business needs. It is not feasible to eliminate all vulnerabilities.
Usage by similar organizations does not guarantee that controls are adequate. Certification by a third party is important, but not a primary concern.
NEW QUESTION # 113
An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
- A. document lessons learned.
- B. prepare for criminal prosecution.
- C. evaluate the impact.
- D. update information security policies.
Answer: C
Explanation:
Section: INCIDENT MANAGEMENT AND RESPONSE
NEW QUESTION # 114
An information security manager has been informed of a new vulnerability in an online banking application, and a patch to resolve this issue is expected to be released in the next 72 hours. The information security manager's MOST important course of action should be to:
- A. identify and implement mitigating controls.
- B. perform a business impact analysis (BIA).
- C. assess the risk and advise senior management.
- D. run the application system in offline mode.
Answer: C
NEW QUESTION # 115
Exceptions to a security policy should be approved based PRIMARILY on:
- A. the number of security incidents.
- B. risk appetite.
- C. the external threat probability.
- D. results of a business impact analysis (BIA).
Answer: D
NEW QUESTION # 116
Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?
- A. Business process flow
- B. User security procedures
- C. Regulatory requirements
- D. IT security policy
Answer: D
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
IT management should ensure that mechanisms are implemented in line with IT security policy. Procedures are determined by the policy. A user security procedure does not describe the access control mechanism in place. The business process flow is not relevant to the access control mechanism. The organization's own policy and procedures should take into account regulatory requirements.
NEW QUESTION # 117
The MOST important characteristic of good security policies is that they:
- A. are aligned with organizational goals.
- B. state only one general security mandate.
- C. govern the creation of procedures and guidelines.
- D. state expectations of IT management.
Answer: A
Explanation:
The most important characteristic of good security policies is that they be aligned with organizational goals. Failure to align policies and goals significantly reduces the value provided by the policies. Stating expectations of IT management omits addressing overall organizational goals and objectives. Stating only one general security mandate is the next best option since policies should be clear; otherwise, policies may be confusing and difficult to understand. Governing the creation of procedures and guidelines is most relevant to information security standards.
NEW QUESTION # 118
Which of the following is the BEST control to minimize the risk associated with loss of information as a result of ransomware exploiting a zero-day vulnerability?
- A. A data recovery process
- B. A patch management process
- C. A security operation center
- D. A public key infrastructure
Answer: A
Explanation:
Section: INFORMATION RISK MANAGEMENT
NEW QUESTION # 119
Which of the following has the MOST direct impact on the usability of an organization's asset classification program?
- A. The frequency of updates to the organization's risk register
- B. The business objectives of the organization
- C. The granularity of classifications in the hierarchy
- D. The support of senior management for the classification scheme
Answer: B
NEW QUESTION # 120
In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting business goals and objectives?
- A. Adopting internationally accepted controls
- B. Reviewing results of the annual company external audit
- C. Using the risk management process
- D. Enforcing strict disciplinary procedures in case of noncompliance
Answer: C
NEW QUESTION # 121
Which of the following are the essential ingredients of a business impact analysis (BIA)?
- A. Business continuity testing methodology being deployed
- B. Structure of the crisis management team
- C. Cost of business outages in a year as a factor of the security budget
- D. Downtime tolerance, resources and criticality
Answer: D
Explanation:
The main purpose of a BIA is to measure the downtime tolerance, associated resources and criticality of a business function. The other options are all associated with business continuity planning, but are not related to the BIA.
NEW QUESTION # 122
After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?
- A. Gap analysis
- B. Recent audit results
- C. Risk heat map
- D. Balanced scorecard
Answer: D
NEW QUESTION # 123
A business unit uses an e-commerce application with a strong password policy. Many customers complain that they cannot remember their passwords because they are too long and complex. The business unit states it is imperative to improve the customer experience. The information security manager should FIRST:
- A. evaluate the impact of the customer's experience on business revenue.
- B. research alternative secure methods of identity verification.
- C. change the password policy to improve the customer experience.
- D. recommend implementing two-factor authentication.
Answer: B
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT