CISM Certified Information Security Manager Practice Test Set 6

Investments in information security technologies should be based on:


Options are :

  • value analysis. (Correct)
  • audit recommendations.
  • business climate.
  • vulnerability assessments.

Answer : value analysis.

Information security projects should be prioritized on the basis of:


Options are :

  • total cost for implementation.
  • impact on the organization. (Correct)
  • mix of resources required.
  • time required for implementation.

Answer : impact on the organization.

The MOST important factor in planning for the long-term retention of electronically stored business
records is to take into account potential changes in:


Options are :

  • application systems and media. (Correct)
  • storage capacity and shelf life.
  • regulatory and legal requirements.
  • business strategy and direction.

Answer : application systems and media.

Which of the following would be the MOST important goal of an information security governance
program?


Options are :

  • Review of internal control mechanisms
  • Ensuring trust in data (Correct)
  • Effective involvement in business decision making
  • Total elimination of risk factors

Answer : Ensuring trust in data

Which of the following is MOST appropriate for inclusion in an information security strategy?


Options are :

  • Business controls designated as key controls
  • Firewall rule sets, network defaults and intrusion detection system (IDS) settings
  • Budget estimates to acquire specific security tools
  • Security processes, methods, tools and techniques (Correct)

Answer : Security processes, methods, tools and techniques

When an organization hires a new information security manager, which of the following goals
should this individual pursue FIRST?


Options are :

  • Assemble an experienced staff
  • Develop a security architecture
  • Benchmark peer organizations
  • Establish good communication with steering committee members (Correct)

Answer : Establish good communication with steering committee members

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?


Options are :

  • Incorporate policy statements provided by regulators
  • Develop a compliance risk assessment
  • Create separate policies to address each regulation
  • Develop policies that meet all mandated requirements (Correct)

Answer : Develop policies that meet all mandated requirements

Which of the following is the MOST essential task for a chief information security officer (CISO) to
perform?


Options are :

  • Approve access to critical financial systems
  • Develop an information security strategy paper (Correct)
  • Conduct disaster recovery test exercises
  • Update platform-level security settings

Answer : Develop an information security strategy paper

Which of the following roles would represent a conflict of interest for an information security
manager?


Options are :

  • Monitoring adherence to physical security controls
  • Assessment of the adequacy of disaster recovery plans
  • Final approval of information security policies (Correct)
  • Evaluation of third parties requesting connectivity

Answer : Final approval of information security policies

A business unit intends to deploy a new technology in a manner that places it in violation of
existing information security standards. What immediate action should an information security
manager take?


Options are :

  • Perform research to propose use of a better technology
  • Perform a risk analysis to quantify the risk (Correct)
  • Change the standard to permit the deployment
  • Enforce the existing security standard

Answer : Perform a risk analysis to quantify the risk

Minimum standards for securing the technical infrastructure should be defined in a security:


Options are :

  • architecture. (Correct)
  • model.
  • strategy.
  • guidelines.

Answer : architecture.

Senior management commitment and support for information security can BEST be obtained
through presentations that:


Options are :

  • tie security risks to key business objectives. (Correct)
  • explain the technical risks to the organization.
  • evaluate the organization against best security practices.
  • use illustrative examples of successful attacks.

Answer : tie security risks to key business objectives.

Which of the following should be the FIRST step in developing an information security plan?


Options are :

  • Assess the current levels of security awareness
  • Perform a business impact analysis
  • None of the Above
  • Perform a technical vulnerabilities assessment
  • Analyze the current business strategy (Correct)

Answer : Analyze the current business strategy

Security technologies should be selected PRIMARILY on the basis of their:


Options are :

  • use of new and emerging technologies.
  • ability to mitigate business risks. (Correct)
  • benefits in comparison to their costs.
  • evaluations in trade publications.

Answer : ability to mitigate business risks.

The MOST important component of a privacy policy is:


Options are :

  • geographic coverage.
  • notifications. (Correct)
  • warranties.
  • liabilities.

Answer : notifications.

Which of the following is MOST likely to be discretionary?


Options are :

  • Policies
  • Procedures
  • Standards
  • Guidelines (Correct)

Answer : Guidelines

Which of the following is characteristic of decentralized information security management across a
geographically dispersed organization?


Options are :

  • Better adherence to policies
  • More uniformity in quality of service
  • Better alignment to business unit needs (Correct)
  • More savings in total operating costs

Answer : Better alignment to business unit needs

Relationships among security technologies are BEST defined through which of the following?


Options are :

  • Security metrics
  • Security architecture (Correct)
  • Process improvement models
  • Network topology

Answer : Security architecture

Successful implementation of information security governance will FIRST require:


Options are :

  • a computer incident management team.
  • a security architecture.
  • security awareness training.
  • updated security policies. (Correct)

Answer : updated security policies.

Which of the following individuals would be in the BEST position to sponsor the creation of an
information security steering group?


Options are :

  • Legal counsel
  • Information security manager
  • Chief operating officer (COO)
  • Internal auditor (Correct)

Answer : Internal auditor

The chief information security officer (CISO) should ideally have a direct reporting relationship to
the:


Options are :

  • head of internal audit.
  • legal counsel.
  • chief operations officer (COO). (Correct)
  • chief technology officer (CTO).

Answer : chief operations officer (COO).

The PRIMARY goal in developing an information security strategy is to:


Options are :

  • educate business process owners regarding their duties.
  • establish security metrics and performance monitoring.
  • ensure that legal and regulatory requirements are met.
  • support the business objectives of the organization. (Correct)

Answer : support the business objectives of the organization.

Information security governance is PRIMARILY driven by:


Options are :

  • technology constraints.
  • litigation potential.
  • business strategy. (Correct)
  • regulatory requirements.

Answer : business strategy.

Who should be responsible for enforcing access rights to application data?


Options are :

  • The security steering committee
  • Data owners
  • Security administrators (Correct)
  • Business process owners

Answer : Security administrators

Which of the following MOST commonly falls within the scope of an information security
governance steering committee?


Options are :

  • Interviewing candidates for information security specialist positions
  • Developing content for security awareness programs
  • Prioritizing information security initiatives (Correct)
  • Approving access to critical financial systems

Answer : Prioritizing information security initiatives

Which of the following BEST describes an information security manager's role in a
multidisciplinary team that will address a new regulatory requirement regarding operational risk?


Options are :

  • Ensure that all IT risks are identified
  • Demonstrate that IT mitigating controls are in place
  • Evaluate the impact of information security risks (Correct)
  • Suggest new IT controls to mitigate operational risk

Answer : Evaluate the impact of information security risks

Retention of business records should PRIMARILY be based on:


Options are :

  • business ease and value analysis.
  • storage capacity and longevity.
  • business strategy and direction.
  • regulatory and legal requirements. (Correct)

Answer : regulatory and legal requirements.

Which of the following is characteristic of centralized information security management?


Options are :

  • Better adherence to policies (Correct)
  • More expensive to administer
  • Faster turnaround of requests
  • More aligned with business unit needs

Answer : Better adherence to policies

Which of the following is the MOST important information to include in a strategic plan for
information security?


Options are :

  • Information security mission statement
  • Current state and desired future state
  • IT capital investment requirements (Correct)
  • Information security staffing requirements

Answer : IT capital investment requirements

When an information security manager is developing a strategic plan for information security, the
timeline for the plan should be:


Options are :

  • aligned with the IT strategic plan.
  • based on the current rate of technological change.
  • aligned with the business strategy. (Correct)
  • three-to-five years for both hardware and software.

Answer : aligned with the business strategy.
