CISM Incident Management Response Certified Practice Exam Set 1

A web server at a financial institution that was compromised using a super-user account has been isolated, and proper forensic processes have been followed. The next step would be to:


Options are :

  • shut down the server in an organized manner.
  • rebuild the server from the original media and the relevant patches.
  • None
  • place the web server in quarantine.
  • rebuild the server from the last verified backup.

Answer : rebuild the server from the original media and the relevant patches.

A root kit was used to capture detailed accounts receivable information. To ensure the admissibility of evidence from a legal perspective, once the incident was identified and the server isolated, the next step would be to:


Options are :

  • None
  • take an image copy of the media.
  • close the accounts receivable system.
  • notify law enforcement.
  • document how the attack occurred.

Answer : take an image copy of the media.

When collecting evidence for forensic analysis, it is important to:


Options are :

  • ask the IT department to do an image copy.
  • ensure qualified staff for the task.
  • ensure that law enforcement agencies are present before starting forensic analysis.
  • disconnect from the network and isolate the equipment in question.
  • None

Answer : ensure qualified staff for the task.

Emergency actions are taken in the early stages of a disaster with the purpose of preventing injury or loss of life, and:


Options are :

  • None
  • while maintaining environmental conditions.
  • Sound activation plan.
  • reducing operational damage.
  • determining the extent of damage to property.

Answer : reducing operational damage.

A possible breach of the organization's IT system is reported by the project manager. What is the first thing the incident response leader should do?


Options are :

  • None
  • Remove the logon ID
  • Perform a port scan of the system
  • Validate the case
  • Examine the system logs

Answer : Validate the case

The primary aspect of defining recovery time objectives (RTOs) for information assets is:


Options are :

  • None
  • needs.
  • regulatory requirements.
  • The economic value.
  • T availability of resources.

Answer : needs.

During a security review of the organization's servers, it was found that a file server containing confidential human resources (HR) data was accessible to all user accounts. As a first step, the security manager should:


Options are :

  • report this situation to the data owner.
  • None
  • train the HR team to properly control the file permissions.
  • remove permissions to the folder that contains the data.
  • copy sample files as evidence.

Answer : report this situation to the data owner.

The first step in an incident response plan is to:


Options are :

  • contain the effects of the event to limit the damage.
  • develop response strategies for systematic attacks.
  • notify suitable individuals.
  • None
  • confirm the incident.

Answer : confirm the incident.

To determine how a security breach happened on the corporate network, a security manager looks at the logs of different devices. Which of the following BEST facilitates the review and correlation of these logs?


Options are :

  • Proxy server
  • None
  • time server
  • the database server
  • Name Server (DNS)

Answer : time server

The primary purpose of having third-party teams carry out a post-event analysis of security breaches is to:


Options are :

  • get better buy-in for the security program.
  • None
  • receive support to improve the expertise of third-party teams.
  • identify lessons learned to further enhance the security management process.
  • obtain an independent and objective assessment of the root cause of the events.

Answer : obtain an independent and objective assessment of the root cause of the events.

Which of the following processes is critical for deciding prioritization in the business continuity plan?


Options are :

  • None
  • Business impact analysis (BIA)
  • process Map
  • risk assessment
  • vulnerability assessment

Answer : Business impact analysis (BIA)

The organization has learned of a security breach at another company that uses similar technology. The first thing the information security manager should do is:


Options are :

  • remind staff that similar security breaches have occurred.
  • None
  • report to top management that the organization is not affected.
  • assess the likelihood of incidents from the reported cause.
  • discontinue the vulnerable technology.

Answer : assess the likelihood of incidents from the reported cause.

The organization has experienced a number of web-based attacks, all of which appear to originate internally. The best course of action is:


Options are :

  • install an intrusion detection system (IDS).
  • require strong passwords.
  • None
  • configure a static IP address.
  • implement centralized logging software.

Answer : install an intrusion detection system (IDS).

Which of the following has the highest priority when determining an emergency plan?


Options are :

  • critical data
  • None
  • critical infrastructure
  • staff safety
  • vital records

Answer : staff safety

When designing a technical solution for a disaster recovery site, the primary factor that must be taken into account is:


Options are :

  • the maximum tolerable outage (MTO).
  • the recovery window.
  • the target service.
  • recovery time objective (RTO).
  • None

Answer : the recovery window.

Which of the following measures should take place as soon as a security breach is reported to the director of information security?


Options are :

  • Confirm the incident
  • Isolate the incident
  • None
  • Notify stakeholders
  • Determine the impact

Answer : Confirm the incident

What is the first measure an information security manager should take when a company laptop is reported stolen?


Options are :

  • Remove the user account immediately
  • Assess the impact of data loss
  • None
  • Update the company's notebook computer inventory
  • Ensure reporting procedures are followed

Answer : Ensure reporting procedures are followed

A customer credit card database has been breached by hackers. The first step in dealing with this attack should be to:


Options are :

  • Confirm the incident
  • notify law enforcement.
  • None
  • notify senior management.
  • begin containment.

Answer : Confirm the incident

To justify the establishment of an event management team, the security manager would find which of the following to be most effective?


Options are :

  • The potential business benefits from the reduction of the impact of the event
  • Need for constant improvement in the level of security
  • None
  • Estimate the impact of business events in the past
  • Need an independent assessment of the causes of the event

Answer : The potential business benefits from the reduction of the impact of the event

When responding to an information security incident, the best way to treat evidence for possible legal action is defined by:


Options are :

  • None
  • local regulations.
  • international standards.
  • the organization's security policies.
  • generally accepted best practices.

Answer : local regulations.

Which of the following gives the BEST confirmation that the business continuity / disaster recovery plan objectives have been achieved?


Options are :

  • The recovery time objective (RTO) was not exceeded during testing
  • None
  • Objective testing of the business continuity / disaster recovery plan has been carried out consistently
  • Information assets have been valued and assigned to owners under the business continuity plan / disaster recovery plan
  • The recovery point objective (RPO) was proved inadequate by disaster recovery plan testing

Answer : The recovery time objective (RTO) was not exceeded during testing

The priority action to take when a server is infected with a virus is to:


Options are :

  • ensure that the virus database files are up to date.
  • None
  • establish the security weaknesses in the firewall.
  • isolate the infected server(s) from the network.
  • identify all potential damage caused by the infection.

Answer : isolate the infected server(s) from the network.

An intrusion detection system (IDS) should:


Options are :

  • run continuously
  • None
  • ignore anomalies
  • be located on the network
  • require a stable, rarely changed environment

Answer : run continuously

What is the primary objective of a post-event review in incident response?


Options are :

  • Adjust the budget provisioning
  • To improve the response process
  • None
  • Make sure that the case is fully documented
  • Keep forensic data

Answer : To improve the response process

Which of the following situations would be of most concern to a security manager?


Options are :

  • Audit logs are not enabled on production servers
  • The help desk has received a number of reports of users receiving phishing e-mails
  • The login ID of a terminated systems analyst continues to exist in the system
  • A Trojan was found to be installed on a system administrator's laptop
  • None

Answer : A Trojan was found to be installed on a system administrator's laptop

Evidence from a compromised server is to be acquired for a forensic examination. What would be the best source?


Options are :

  • A bit-level copy of all hard drive data
  • Backup servers
  • The last verified backup stored elsewhere
  • None
  • Data from volatile memory

Answer : A bit-level copy of all hard drive data

The database was compromised by guessing the password for a shared administrative account, and confidential customer information was stolen. The security chief was able to detect the breach by analyzing which of the following?


Options are :

  • Invalid login attempts
  • None
  • Simultaneous logins
  • Firewall logs
  • Write access violations

Answer : Invalid login attempts

Detailed contingency plans should be based primarily on:


Options are :

  • the solution that is preferred.
  • Strategies adopted by top management.
  • consideration of the different options.
  • strategies covering all applications.
  • None

Answer : Strategies adopted by top management.

In designing a backup strategy that is consistent with the primary recovery strategy, a factor that must be taken into account is:


Options are :

  • the recovery time objective (RTO).
  • the volume of sensitive information.
  • the recovery point objective (RPO).
  • the interruption window.
  • None

Answer : the recovery point objective (RPO).

What is the best way to mitigate denial of service (DoS) attacks against a network?


Options are :

  • Use packet filtering to drop suspect packets
  • Make sure that all servers have up-to-date OS patches
  • Implement Network Address Translation to make internal addresses nonroutable
  • Implement load balancing for Internet-facing devices
  • None

Answer : Use packet filtering to drop suspect packets

The primary purpose of conducting an internal attack and penetration test as part of the incident response program is to identify:


Options are :

  • weaknesses in the network and server security.
  • possible attack vectors on the network perimeter.
  • ways to improve the incident response process.
  • None
  • optimal response to internal hacker attacks.

Answer : weaknesses in the network and server security.

Which of the following are the most important criteria when choosing antivirus software?


Options are :

  • Ability to operate with intrusion detection system (IDS) software and firewalls
  • Alarm messages and impact assessment of new viruses
  • Product market share and annual cost savings
  • Ease of maintenance and frequency of updates
  • None

Answer : Ease of maintenance and frequency of updates

Why is "slack space" of value to a security chief as part of an incident investigation?


Options are :

  • Slack space includes login information
  • None
  • It offers a flexible space for investigation
  • Slack space is encrypted
  • Hidden data can be stored there

Answer : Hidden data can be stored there

When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?


Options are :

  • Keep track of the probe and isolate the affected segment
  • Enable server trace logging on the affected segment
  • Reboot the router connecting the DMZ to the firewall
  • Power down all servers located in the DMZ segment
  • None

Answer : Keep track of the probe and isolate the affected segment

Which of the following application systems should have the shortest recovery time objective (RTO)?


Options are :

  • None
  • Managing change
  • E-commerce web site
  • Contractor Payroll
  • Fixed asset shares system

Answer : E-commerce web site

Which of the following is the most important factor in ensuring the success of business recovery during a disaster?


Options are :

  • Hot site equipment needs are recertified on a regular basis
  • Network redundancy is maintained through separate providers
  • Detailed technical recovery plans are maintained offsite
  • None
  • Proper notification criteria are specified

Answer : Detailed technical recovery plans are maintained offsite

When properly tested, which of the following would most effectively support the information security manager in dealing with a security breach?


Options are :

  • None
  • Incident Response Plan
  • disaster survival plan
  • vulnerability management plan
  • Business Continuity Plan

Answer : Incident Response Plan

When an organization uses an automated tool to manage and house its business continuity plans, which of the following is the primary concern?


Options are :

  • Broken hyperlinks to resources stored elsewhere
  • Monitoring changes in personnel and funds
  • Version control as plans are modified
  • None
  • Ensuring accessibility should a disaster occur

Answer : Ensuring accessibility should a disaster occur

Business continuity policy should include which of the following?


Options are :

  • Critical backup copies of inventory
  • the recovery criteria
  • None
  • Business impact assessment (BIA)
  • Emergency call trees

Answer : the recovery criteria

Which of the following is most closely associated with a business continuity program?


Options are :

  • None
  • Periodically testing network redundancy
  • Upgrading the hot site hardware configuration on a quarterly basis
  • Confirming that detailed technical recovery plans exist
  • Developing recovery time objectives (RTOs) for vital functions

Answer : Developing recovery time objectives (RTOs) for vital functions
