CISM Certified Information Security Manager Practice Test Set 7

Which of the following characteristics is MOST important when looking at prospective candidates
for the role of chief information security officer (CISO)?


Options are :

  • Ability to understand and map organizational needs to security technologies
  • Knowledge of the regulatory environment and project management techniques
  • Knowledge of information technology platforms, networks and development methodologies
  • Ability to manage a diverse group of individuals and resources across an organization

Answer : Ability to understand and map organizational needs to security technologies


It is MOST important that information security architecture be aligned with which of the following?


Options are :

  • Industry best practices
  • Information security best practices
  • Information technology plans
  • Business objectives and goals

Answer : Business objectives and goals

The cost of implementing a security control should not exceed the:


Options are :

  • implementation opportunity costs.
  • cost of an incident.
  • asset value.
  • annualized loss expectancy.

Answer : asset value.

Which of the following situations must be corrected FIRST to ensure successful information
security governance within an organization?


Options are :

  • The data center manager has final signoff on all security projects.
  • The information security oversight committee only meets quarterly.
  • The chief information officer (CIO) approves security policy changes.
  • The information security department has difficulty filling vacancies.

Answer : The data center manager has final signoff on all security projects.


An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:


Options are :

  • bring all locations into conformity with a generally accepted set of industry best practices.
  • bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
  • establish a baseline standard incorporating those requirements that all jurisdictions have in common.
  • establish baseline standards for all locations and add supplemental standards as required.

Answer : establish baseline standards for all locations and add supplemental standards as required.

Senior management commitment and support for information security can BEST be enhanced
through:


Options are :

  • regular security awareness training for employees.
  • a formal security policy sponsored by the chief executive officer (CEO).
  • periodic review of alignment with business management goals.
  • senior management signoff on the information security strategy.

Answer : periodic review of alignment with business management goals.

Senior management commitment and support for information security will BEST be attained by an
information security manager by emphasizing: 


Options are :

  • the responsibilities of organizational units.
  • organizational risk.
  • security needs.
  • organization wide metrics.

Answer : organizational risk.


Which of the following are likely to be updated MOST frequently?


Options are :

  • Policies addressing information security governance
  • Procedures for hardening database servers
  • Standards for password length and complexity
  • Standards for document retention and destruction

Answer : Procedures for hardening database servers

Which of the following is the MOST appropriate position to sponsor the design and implementation
of a new security infrastructure in a large global enterprise? 


Options are :

  • Chief privacy officer (CPO)
  • Chief operating officer (COO)
  • Chief security officer (CSO)
  • Chief legal counsel (CLC)

Answer : Chief operating officer (COO)

The MOST appropriate role for senior management in supporting information security is the:


Options are :

  • approval of policy statements and funding.
  • assessment of risks to the organization.
  • evaluation of vendors offering security products.
  • monitoring adherence to regulatory requirements.

Answer : approval of policy statements and funding.


Which of the following are seldom changed in response to technological changes?


Options are :

  • Procedures
  • Standards
  • Policies
  • Guidelines

Answer : Policies

Which of the following would BEST prepare an information security manager for regulatory
reviews?


Options are :

  • Ensure all regulatory inquiries are sanctioned by the legal department
  • Perform self-assessments using regulatory guidelines and reports
  • Assess previous regulatory reports with process owners input
  • Assign an information security administrator as regulatory liaison

Answer : Perform self-assessments using regulatory guidelines and reports

When a security standard conflicts with a business objective, the situation should be resolved by: 


Options are :

  • authorizing a risk acceptance.
  • changing the security standard.
  • performing a risk analysis.
  • changing the business objective.

Answer : performing a risk analysis.


Which of the following is the MOST important information to include in an information security
standard?


Options are :

  • Author name
  • Initial draft approval date
  • Last review date
  • Creation date

Answer : Last review date

Which of the following would BEST ensure the success of information security governance within
an organization?


Options are :

  • Security policy training provided to all managers
  • Steering committees approve security projects
  • Security training available to all employees on the intranet
  • Steering committees enforce compliance with laws and regulations

Answer : Steering committees approve security projects

Acceptable levels of information security risk should be determined by:


Options are :

  • the steering committee.
  • external auditors.
  • legal counsel.
  • security management.

Answer : the steering committee.

Which of the following is the MOST important factor when designing information security
architecture?


Options are :

  • Development methodologies
  • Stakeholder requirements
  • Scalability of the network
  • Technical platform interfaces

Answer : Stakeholder requirements

Developing a successful business case for the acquisition of information security software
products can BEST be assisted by:


Options are :

  • quantifying the cost of control failures.
  • comparing spending against similar organizations.
  • assessing the frequency of incidents.
  • calculating return on investment (ROI) projections.

Answer : calculating return on investment (ROI) projections.

Which of the following requirements would have the lowest level of priority in information security?


Options are :

  • Regulatory
  • Business
  • Technical
  • Privacy

Answer : Technical


Which of the following represents the MAJOR focus of privacy regulations?


Options are :

  • Identity theft
  • Identifiable personal data
  • Human rights protection
  • Unrestricted data mining

Answer : Identifiable personal data
