CISM Information Security Governance Practice Test Set 4

Which of the following are likely to be updated MOST frequently?


Options are :

  • Standards for password length and complexity
  • Policies addressing information security governance
  • Standards for document retention and destruction
  • Procedures for hardening database servers

Answer : Procedures for hardening database servers

Which of the following would be the MOST important goal of an information security governance program?


Options are :

  • Effective involvement in business decision making
  • Total elimination of risk factors
  • Ensuring trust in data
  • Review of internal control mechanisms

Answer : Ensuring trust in data

Which of the following requirements would have the lowest level of priority in information security?


Options are :

  • Privacy
  • Technical
  • Business
  • Regulatory

Answer : Technical


Which of the following is characteristic of centralized information security management?


Options are :

  • Faster turnaround of requests
  • More expensive to administer
  • More aligned with business unit needs
  • Better adherence to policies

Answer : Better adherence to policies

It is MOST important that information security architecture be aligned with which of the following?


Options are :

  • Information security best practices
  • Information technology plans
  • Industry best practices
  • Business objectives and goals

Answer : Business objectives and goals

Which of the following are seldom changed in response to technological changes?


Options are :

  • Policies
  • Procedures
  • Guidelines
  • Standards

Answer : Policies


The cost of implementing a security control should not exceed the:


Options are :

  • cost of an incident.
  • implementation opportunity costs.
  • annualized loss expectancy.
  • asset value

Answer : asset value

Investments in information security technologies should be based on:


Options are :

  • vulnerability assessments.
  • value analysis
  • audit recommendations.
  • business climate.

Answer : value analysis

Information security governance is PRIMARILY driven by:


Options are :

  • regulatory requirements.
  • technology constraints.
  • litigation potential
  • business strategy.

Answer : business strategy.

Which of the following is MOST likely to be discretionary?


Options are :

  • Procedures
  • Standards
  • Policies
  • Guidelines

Answer : Guidelines

The PRIMARY goal in developing an information security strategy is to:


Options are :

  • establish security metrics and performance monitoring.
  • educate business process owners regarding their duties
  • ensure that legal and regulatory requirements are met
  • support the business objectives of the organization.

Answer : support the business objectives of the organization.

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?


Options are :

  • Change the standard to permit the deployment
  • Perform a risk analysis to quantify the risk
  • Perform research to propose use of a better technology
  • Enforce the existing security standard

Answer : Perform a risk analysis to quantify the risk


Minimum standards for securing the technical infrastructure should be defined in a security:


Options are :

  • architecture.
  • model
  • guidelines.
  • strategy

Answer : architecture.

Who should be responsible for enforcing access rights to application data?


Options are :

  • Security administrators
  • The security steering committee
  • Business process owners
  • Data owners

Answer : Security administrators

Successful implementation of information security governance will FIRST require:


Options are :

  • a computer incident management team.
  • updated security policies
  • a security architecture.
  • security awareness training

Answer : updated security policies


Senior management commitment and support for information security can BEST be obtained through presentations that:


Options are :

  • explain the technical risks to the organization.
  • evaluate the organization against best security practices.
  • use illustrative examples of successful attacks.
  • tie security risks to key business objectives.

Answer : tie security risks to key business objectives.

Which of the following is the MOST important factor when designing information security architecture?


Options are :

  • Stakeholder requirements
  • Development methodologies
  • Scalability of the network
  • Technical platform interfaces

Answer : Stakeholder requirements

Which of the following is MOST appropriate for inclusion in an information security strategy?


Options are :

  • Business controls designated as key controls
  • Firewall rule sets, network defaults and intrusion detection system (IDS) settings
  • Security processes, methods, tools and techniques
  • Budget estimates to acquire specific security tools

Answer : Security processes, methods, tools and techniques


Which of the following represents the MAJOR focus of privacy regulations?


Options are :

  • Human rights protection
  • Identifiable personal data
  • Unrestricted data mining
  • Identity theft

Answer : Identifiable personal data

Acceptable levels of information security risk should be determined by:


Options are :

  • security management.
  • legal counsel.
  • the steering committee.
  • external auditors.

Answer : the steering committee.

Relationships among security technologies are BEST defined through which of the following?


Options are :

  • Process improvement models
  • Security architecture
  • Security metrics
  • Network topology

Answer : Security architecture


When a security standard conflicts with a business objective, the situation should be resolved by:


Options are :

  • performing a risk analysis
  • changing the security standard.
  • changing the business objective

Answer : performing a risk analysis

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?


Options are :

  • Chief privacy officer (CPO)
  • Chief security officer (CSO)
  • Chief legal counsel (CLC)
  • Chief operating officer (COO)

Answer : Chief operating officer (COO)

Which of the following MOST commonly falls within the scope of an information security governance steering committee?


Options are :

  • Prioritizing information security initiatives
  • Approving access to critical financial systems
  • Interviewing candidates for information security specialist positions
  • Developing content for security awareness programs

Answer : Prioritizing information security initiatives


The MOST important component of a privacy policy is:


Options are :

  • notifications.
  • liabilities.
  • geographic coverage.
  • warranties

Answer : notifications.

Security technologies should be selected PRIMARILY on the basis of their:


Options are :

  • ability to mitigate business risks
  • evaluations in trade publications.
  • use of new and emerging technologies.
  • benefits in comparison to their costs.

Answer : ability to mitigate business risks

Retention of business records should PRIMARILY be based on:


Options are :

  • business strategy and direction.
  • business ease and value analysis.
  • regulatory and legal requirements.
  • storage capacity and longevity

Answer : regulatory and legal requirements.


Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?


Options are :

  • Better alignment to business unit needs
  • Better adherence to policies
  • More uniformity in quality of service
  • More savings in total operating costs

Answer : Better alignment to business unit needs

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:


Options are :

  • regulatory and legal requirements.
  • application systems and media.
  • storage capacity and shelf life
  • business strategy and direction.

Answer : application systems and media.

Which of the following roles would represent a conflict of interest for an information security manager?


Options are :

  • Monitoring adherence to physical security controls
  • Evaluation of third parties requesting connectivity
  • Final approval of information security policies
  • Assessment of the adequacy of disaster recovery plans

Answer : Final approval of information security policies
