[Feb 28, 2023] Pass CISM Review Guide, Reliable CISM Test Engine [Q55-Q69]

28 Feb, 2023 By admin CISM, ISACA 0 Comments

[Feb 28, 2023] Pass CISM Review Guide, Reliable CISM Test Engine [Q55-Q69]

4/5 - (2 votes)

[Feb 28, 2023] Pass CISM Review Guide, Reliable CISM Test Engine

CISM Test Engine Practice Test Questions, Exam Dumps

ISACA Certified Information Security Manager CISM Exam

ISACA Certified Information Security Manager CISM Exam is related to Certified Information Security Manager CISM certification. This CISM Exam validates the ability to maintain and establish an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. Candidate must have the ability to manage information risk appropriately and program resources are managed responsibly. It also deals with the ability to ensure that organizational goals and objectives are supported by the information security program communicate managements directives and guide the development of standards, procedures, and guidelines and develop business cases to support investments in information security. Security Managers Industry Leaders and Industry Practitioners usually hold or pursue this certification and you can expect the same job roles after completion of this certification.

QUESTION 55
In business-critical applications, user access should be approved by the:

information security manager.

data owner.

data custodian.

business management.

A data owner is in the best position to validate access rights to users due to their deep understanding of business requirements and of functional implementation within the application. This responsibility should be enforced by the policy. An information security manager will coordinate and execute the implementation of the role-based access control. A data custodian will ensure that proper safeguards are in place to protect the data from unauthorized access; it is not the data custodian’s responsibility to assign access rights. Business management is not. in all cases, the owner of the data.

QUESTION 56
In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?

Update the application security policy.

Implement compensating control.

Submit a waiver for the legacy application.

Perform an application security assessment.

QUESTION 57
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

relates information security policies and standards into business requirements

relates the investment to the organization’s strategic plan.

realigns information security objectives to organizational strategy.

articulates management’s intent and information security directives in clear language.

QUESTION 58
Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

Patch management

Change management

Security baselines

Virus detection

Section: INFORMATION SECURITY PROGRAM DEVELOPMENT
Explanation:
Change management controls the process of introducing changes to systems. This is often the point at which a weakness will be introduced. Patch management involves the correction of software weaknesses and would necessarily follow change management procedures. Security baselines provide minimum recommended settings and do not prevent introduction of control weaknesses. Virus detection is an effective tool but primarily focuses on malicious code from external sources, and only for those applications that are online.

QUESTION 59
Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT7

Assess the impact of the regulation.

Reassess the organization’s risk tolerance.

Update details within the risk register

Report the decision to the compliance officer.

QUESTION 60
Which of the following provides a sound basis for effective security change management?

Configuration management

Password management

Incident management

Version management

QUESTION 61
Which of the following would present the GREATEST risk to information security?

Virus signature files updates are applied to all servers every day

Security access logs are reviewed within five business days

Critical patches are applied within 24 hours of their release

Security incidents are investigated within five business days

Explanation/Reference:
Explanation:
Security incidents are configured to capture system events that are important from the security perspective; they include incidents also captured in the security access logs and other monitoring tools.
Although, in some instances, they could wait for a few days before they are researched, from the options given this would have the greatest risk to security. Most often, they should be analyzed as soon as possible. Virus signatures should be updated as often as they become available by the vendor, while critical patches should be installed as soon as they are reviewed and tested, which could occur in 24 hours.

QUESTION 62
Regular vulnerability scanning on an organization’s internal network has identified that many user workstations have unpatched versions of software What is the BEST way for the information security manager to help senior management understand the related risk?

Include the impact of the risk as part of regular metrics

Recommend the security steering committee conduct a review

Update the risk assessment at regular intervals

Send regular notifications directly to senior managers

QUESTION 63
The BEST way 10 establish a security baseline is by documenting

a standard of acceptable settings

a framework of operational standards

the desired range of security settings

the organization’s preferred security level.

QUESTION 64
Which of the following devices should be placed within a DMZ?

Proxy server

Application server

Departmental server

Data warehouse server

An application server should normally be placed within a demilitarized zone (DMZ) to shield the internal network. Data warehouse and departmental servers may contain confidential or valuable data and should always be placed on the internal network, never on a DMZ that is subject to compromise. A proxy server forms the inner boundary of the DMZ but is not placed within it.

QUESTION 65
A post-incident review should be conducted by an incident management team to determine:

relevant electronic evidence.

lessons learned.

hacker’s identity.

areas affected.

Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation:
Post-incident reviews are beneficial in determining ways to improve the response process through lessons learned from the attack. Evaluating the relevance of evidence, who launched the attack or what areas were affected are not the primary purposes for such a meeting because these should have been already established during the response to the incident.

QUESTION 66
An organization has an approved bring your own device (BYOD) program. Which of the following is the MOST effective method to enforce application control on personal devices?

Establish a mobile device acceptable use policy.

Implement a mobile device management solution.

Educate users regarding the use of approved applications.

Implement a web application firewall.

Section: INFORMATION SECURITY PROGRAM DEVELOPMENT

QUESTION 67
In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:

international standards.

local regulations.

generally accepted best practices.

organizational security policies.

Legal follow-up will most likely be performed locally where the incident took place; therefore, it is critical that the procedure of treating evidence is in compliance with local regulations. In certain countries, there are strict regulations on what information can be collected. When evidence collected is not in compliance with local regulations, it may not be admissible in court. There are no common regulations to treat computer evidence that are accepted internationally. Generally accepted best practices such as a common chain-of-custody concept may have different implementation in different countries, and thus may not be a good assurance that evidence will be admissible. Local regulations always take precedence over organizational security policies.

QUESTION 68
Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?

Restricting the use of removable media

Applying data classification rules

Following the principle of least privilege

Enforcing penalties for security policy violations

QUESTION 69
Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?

Restrict the available drive allocation on all PCs

Disable universal serial bus (USB) ports on all desktop devices

Conduct frequent awareness training with noncompliance penalties

Establish strict access controls to sensitive information

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
Restricting the ability of a PC to allocate new drive letters ensures that universal serial bus (USB) drives or even CD-writers cannot be attached as they would not be recognized by the operating system. Disabling USB ports on all machines is not practical since mice and other peripherals depend on these connections.
Awareness training and sanctions do not prevent copying of information nor do access controls.

Loading …