CISM Incident Management Response Certified Practice Exam Set 2

Which of the following would be the first task in the aftermath of a denial of service attack?


Options are :

  • To analyze the effects of the break-in
  • Restore from a backup stored on servers elsewhere
  • To undertake an assessment to determine the status of the system
  • Isolate screened subnet
  • None

Answer : To undertake an assessment to determine the status of the system

Which of the following terms and conditions would represent a significant deficiency if included in a commercial hot site contract?


Options are :

  • The facility is subject to a "first come, first served" policy
  • The hot site facility is shared across a number of disaster declarations
  • All equipment is delivered "immediately after the accident, and not on the floor"
  • The equipment can be substituted by equivalent model
  • None

Answer : All equipment is delivered "immediately after the accident, and not on the floor"

Which of the following actions should be taken when the security chief discovers that a hacker is footprinting the network edge?


Options are :

  • Update IDS software to the latest available version
  • None
  • Contact the server trace logging DMZ segment
  • Start the border router connected to the firewall
  • Check the IDS logs and monitor active attacks

Answer : Check the IDS logs and monitor active attacks

Which of the following would mean a violation of the chain of custody when a backup tape is found to be evidence in a fraud investigation? The tape was:


Options are :

  • handed over to authorized independent investigators.
  • sealed in a signed envelope and locked in a safe under dual control.
  • None
  • removed into the custody of law enforcement investigators.
  • stored in the tape library pending analysis.

Answer : stored in the tape library pending analysis.

Which of the following is the most serious exposure of automatically updating the virus database on each desktop on Fridays at 23:00?


Options are :

  • Most new viruses' signatures are identified on weekends
  • None
  • The systems are vulnerable to new viruses during the past week
  • The technical staff is not available to support the operation
  • The success or failure of the update is not known until Monday

Answer : The systems are vulnerable to new viruses during the past week

Which of the following is the best way to ensure that all critical production servers utilize updated virus signature database files?


Options are :

  • None
  • Research the latest signature file and compare it to the console
  • Verify the date the last signature files were pushed out
  • Use a recently identified benign virus to test whether it is quarantined
  • Check a sample of servers to confirm that the signature files are current

Answer : Check a sample of servers to confirm that the signature files are current

A computer incident response team (CIRT) manual should primarily contain which of the following documents?


Options are :

  • None
  • Table of critical backup files
  • As a result of the evaluation
  • severity criteria
  • Emergency call directory tree

Answer : severity criteria

Isolation and containment measures for a compromised computer have been taken, and security management is now investigating. What is the most appropriate next step?


Options are :

  • Make a copy of the entire system memory
  • None
  • Start the machine to break remote connections
  • Document the current connections and open Transmission Control Protocol / User Datagram Protocol (TCP / UDP) ports
  • Run a forensics tool on the machine to collect evidence

Answer : Start the machine to break remote connections

The primary purpose of installing an intrusion detection system (IDS) is to detect:


Options are :

  • weaknesses in information security.
  • None
  • patterns of suspicious use.
  • potential attacks on the internal network.
  • how the attack was launched on the web.

Answer : potential attacks on the internal network.

When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?


Options are :

  • Business continuity coordinator
  • Business process owners
  • Chief Information Security Officer
  • Industry average benchmarks
  • None

Answer : Business process owners

An incident response policy should include:


Options are :

  • None
  • an inventory of critical backup files.
  • updated call trees.
  • escalation criteria.
  • press release templates.

Answer : escalation criteria.

A desktop computer that was involved in a security incident should be secured as evidence:


Options are :

  • by removing all local user accounts except for one administrator.
  • by copying all files using the operating system (OS) to write-once media.
  • None
  • by encrypting local files and uploading exact copies to a secure server.
  • by disconnecting all power sources from the computer.

Answer : by disconnecting all power sources from the computer.

Which of the following is the most important factor in ensuring the success of an event recovery test at a vendor-provided hot site?


Options are :

  • The equipment is a hot site is identical to the
  • IP addresses are pre
  • Management is actively involved in
  • None
  • The tests are scheduled on weekends

Answer : Management is actively involved in

At the conclusion of a disaster recovery test, which of the following must always be carried out before leaving the vendor's hot site facility?


Options are :

  • Delete the data and software on devices
  • Hold a meeting to evaluate the test
  • Fill in the estimate of a hot site administrator
  • Evaluate the results of all test scripts
  • None

Answer : Delete the data and software on devices

When you collect evidence for forensic analysis, it is important to:


Options are :

  • None
  • disconnect from the network and isolate the equipment in question.
  • ensure qualified staff for the task.
  • ensure that law enforcement agencies are present before starting forensic analysis.
  • ask the IT department to do an image copy.

Answer : ensure qualified staff for the task.

The primary objective of responding to a major security incident is:


Options are :

  • containment.
  • restoration.
  • tracking.
  • None
  • documentation.

Answer : containment.

Which of the following is most important in determining whether a recovery test is successful?


Options are :

  • All systems are restored within recovery time objectives (RTOs)
  • None
  • IT staff fully recovers the processing infrastructure
  • Critical business processes are overlapping
  • Only business data files from offsite storage are used

Answer : Critical business processes are overlapping

Which of the following should be agreed upon first when establishing a business continuity program?


Options are :

  • None
  • Incremental cost per day of systems being unavailable
  • Location and cost of offsite recovery facilities
  • Composition and mission of individual recovery teams
  • Cost to rebuild the data processing facilities

Answer : Incremental cost per day of systems being unavailable

The best way to detect and monitor hacker activity without exposing information assets to unnecessary risk is to use:


Options are :

  • firewalls.
  • a screened subnet.
  • None
  • bastion hosts.
  • decoy files.

Answer : decoy files.

The company has a network of branch offices with local file/print and email servers; each branch has a separate hot site agreement. Which of the following would be the GREATEST weakness in recovery capability?


Options are :

  • The hot site may have to share with other clients
  • None
  • Time of notification determines site access priority
  • Provider services to companies from all major area
  • Exclusive use of the hot sites is limited to six weeks

Answer : Provider services to companies from all major area

What is the best way to mitigate denial of service (DoS) attacks against a network?


Options are :

  • Use packet filtering to drop suspect packets
  • Implement Network Address Translation to make internal addresses nonroutable
  • Make sure that all servers have up-to-date OS patches
  • Implement load balancing for Internet-facing devices
  • None

Answer : Use packet filtering to drop suspect packets

An organization that has several data centers has designated one of its own facilities as the recovery site. The main concern is:


Options are :

  • the communication lines between the data centers.
  • The current processing capacity of the data center loads.
  • synchronization of system software versions.
  • None
  • differences in logical security at each center.

Answer : The current processing capacity of the data center loads.

Which of the following is most important to ensure a successful recovery?


Options are :

  • Backups are stored offsite
  • Alternate network links are tested on a regular basis
  • None
  • More than one hot site is available
  • The recovery location is safe and easy to access

Answer : Backups are stored offsite

Which of the following actions must be carried out when an online marketing company realizes a network attack is in progress?


Options are :

  • Shut down all network access points
  • Having a follow-up event logging all
  • None
  • To isolate the affected network segment
  • Dump all event logs to removable media

Answer : To isolate the affected network segment

To justify the establishment of an event management team, the security manager would find which of the following most effective?


Options are :

  • The need for an independent assessment of the causes of the event
  • None
  • The potential business benefits from the reduction of the impact of the event
  • The need for constant improvement in the level of security
  • An estimate of the business impact of past events

Answer : The potential business benefits from the reduction of the impact of the event

The best approach to managing a security incident involving a successful penetration should be to:


Options are :

  • enable continuous business processes in response.
  • examine the incident response process for deficiencies.
  • None
  • enable the security group to evaluate the attack profile.
  • allow the incident to continue in order to trace the source.

Answer : enable continuous business processes in response.

A rootkit was used to capture detailed accounts receivable information. To ensure the admissibility of evidence from a legal perspective, once the incident was identified and the server isolated, the next step would be to:


Options are :

  • Close the accounts receivable system.
  • take an image copy of media.
  • None
  • document how the attack occurred.
  • notify law enforcement.

Answer : take an image copy of media.

The post-incident review should be carried out by the case management team to find out:


Options are :

  • the hacker's identity.
  • the affected areas.
  • relevant electronic evidence.
  • Lessons learned.
  • None

Answer : Lessons learned.

A new e-mail virus that uses an attachment disguised as an image file is spreading rapidly on the Internet. Which of the following should be carried out as a first response to this threat?


Options are :

  • Block all emails containing image attachments
  • Block incoming Internet e-mail, but allow outgoing mail
  • None
  • Quarantine all mail servers connected to the Internet
  • Quarantine all image files on file servers

Answer : Block all emails containing image attachments

Which of the following is most important when deciding whether to build an alternate facility or subscribe to a third-party hot site?


Options are :

  • None
  • Criticality results from the business impact analysis (BIA)
  • Cost to build a redundant processing facility and invocation
  • Infrastructure complexity and sensitivity of the system
  • The daily cost of losing critical systems and recovery time objectives (RTOs)

Answer : Infrastructure complexity and sensitivity of the system
