CISM Information Security Program Development

Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?

Options are :

  • Require managers to e-mail security when the user leaves
  • Ensure each individual has signed a security acknowledgement
  • Establish predetermined automatic expiration dates (Correct)
  • Log all account usage and send it to their manager

Answer : Establish predetermined automatic expiration dates

CISM Information Risk Management Certification Test

Which of the following is the MOST important guideline when using software to scan for security exposures within a corporate network?

Options are :

  • Focus only on production servers
  • Do not interrupt production processes (Correct)
  • Follow a linear process for attacks
  • Never use open source tools

Answer : Do not interrupt production processes

Which of the following is the MOST important consideration when securing customer credit card data acquired by a point-of-sale (POS) cash register?

Options are :

  • Authentication
  • Hardening
  • Encryption (Correct)
  • Nonrepudiation

Answer : Encryption

Which of the following practices completely prevents a man-in-the-middle (MitM) attack between two hosts?

Options are :

  • Use security tokens for authentication
  • Enforce static media access control (MAC) addresses
  • Use https with a server-side certificate
  • Connect through an IPSec VPN (Correct)

Answer : Connect through an IPSec VPN

CISM Information Risk Management Certification

When a newly installed system for synchronizing passwords across multiple systems and platforms abnormally terminates without warning, which of the following should automatically occur FIRST?

Options are :

  • Access control should fall back to no synchronized mode (Correct)
  • System logs should record all user activity for later analysis
  • All systems should block new logins until the problem is corrected
  • The firewall should block all inbound traffic during the outage

Answer : Access control should fall back to no synchronized mode

Which of the following is the MOST important consideration when implementing an intrusion detection system (IDS)?

Options are :

  • Encryption
  • Patching
  • Packet filtering
  • Tuning (Correct)

Answer : Tuning

The advantage of Virtual Private Network (VPN) tunneling for remote users is that it:

Options are :

  • allows passwords to be changed less frequently.
  • eliminates the need for secondary authentication.
  • helps ensure that communications are secure. (Correct)
  • increases security between multi-tier systems.

Answer : helps ensure that communications are secure.

CISM Information Risk Management Certification

Which of the following is MOST effective for securing wireless networks as a point of entry into a corporate network?

Options are :

  • Internet-facing firewall
  • Boundary router
  • Strong encryption (Correct)
  • Intrusion detection system (IDS)

Answer : Strong encryption

An information security manager uses security metrics to measure the:

Options are :

  • performance of the security baseline.
  • effectiveness of the incident response team.
  • effectiveness of the security risk analysis.
  • performance of the information security program. (Correct)

Answer : performance of the information security program.

What is the BEST defense against a Structured Query Language (SQL) injection attack?

Options are :

  • Regularly updated signature files
  • An intrusion detection system
  • A properly configured firewall
  • Strict controls on input fields (Correct)

Answer : Strict controls on input fields

CISM Information Security Program Management Practice

Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?

Options are :

  • Safeguards over keys (Correct)
  • Configuration of firewalls
  • Strength of encryption algorithms
  • Authentication within application

Answer : Safeguards over keys

In the process of deploying a new e-mail system, an information security manager would like to ensure the confidentiality of messages while in transit. Which of the following is the MOST appropriate method to ensure data confidentiality in a new e-mail system implementation?

Options are :

  • Digital certificate
  • Digital signature
  • Encryption (Correct)
  • Hashing algorithm

Answer : Encryption

Which of the following is the MOST important item to consider when evaluating products to monitor security across the enterprise?

Options are :

  • Product documentation
  • System overhead (Correct)
  • Available support
  • Ease of installation

Answer : System overhead

CISM Information Risk Management Certification

The MOST important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:

Options are :

  • cause false positives from minor changes to system variables.
  • cannot detect new types of attacks.
  • generate false alarms from varying user or system actions. (Correct)
  • create more overhead than signature-based IDSs.

Answer : generate false alarms from varying user or system actions.

The MOST important success factor to design an effective IT security awareness program is to:

Options are :

  • avoid technical content but give concrete examples.
  • customize the content to the target audience. (Correct)
  • ensure senior management is represented.
  • ensure that all the staff is trained.

Answer : customize the content to the target audience.

Which of the following is the MOST important risk associated with middleware in a client/server environment?

Options are :

  • System integrity may be affected (Correct)
  • End-user sessions may be hijacked
  • Server patching may be prevented
  • System backups may be incomplete

Answer : System integrity may be affected

CISM Information Security Program Management

An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an information security manager to know?

Options are :

  • Results of the latest independent security review
  • Security in storage and transmission of sensitive data (Correct)
  • Security technologies in place at the facility
  • Provider's level of compliance with industry standards

Answer : Security in storage and transmission of sensitive data

Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?

Options are :

  • Change management (Correct)
  • Security baselines
  • Patch management
  • Stress testing

Answer : Change management

Which of the following is MOST effective in protecting against the attack technique known as phishing?

Options are :

  • Firewall blocking rules
  • Up-to-date signature files
  • Security awareness training (Correct)
  • Intrusion detection monitoring

Answer : Security awareness training

CISM Information Security Program Development

Primary direction on the impact of compliance with new regulatory requirements that may lead to major application system changes should be obtained from the:

Options are :

  • corporate legal counsel.
  • System developers/analysts.
  • key business process owners. (Correct)
  • corporate internal auditor.

Answer : key business process owners.
