  • have knowledge of security standards.
  • obtain support from other departments.
  • various infrastructure changes are made.
  • report risks in other departments.
  • Answer : various infrastructure changes are made.

    An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:

    Options are :

    Answer : source routing.
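Source routing (the IP loose and strict source-route options, LSRR and SSRR) lets the sender dictate the path a packet takes, so a firewall that permits it can be steered around topology-based controls and fed packets that claim a trusted internal source. A reviewer therefore wants to know not just whether a deny rule for source-routed packets exists, but whether it sits before the permit rules that would otherwise match. The following is an added example, not from the original page: a small first-match rule evaluator that replays a source-routed probe against every permit rule and reports the rules that still let it through. The rule model and the three constructed rule sets are assumptions for illustration; real products (iptables, Cisco ACLs, cloud security groups) express the same idea with their own syntax.

```python
"""Review a first-match firewall policy for permitted source-routed packets (added example)."""
from dataclasses import dataclass
from typing import List, Optional

# RFC 791 IP options that carry a sender-chosen route.
SOURCE_ROUTE = frozenset({"lsrr", "ssrr"})


@dataclass(frozen=True)
class Rule:
    """Simplified 5-tuple rule; an empty ip_options set means 'any packet'.

    This model is an assumption for the example, not a vendor format."""
    name: str
    action: str                 # "permit" or "deny"
    src: str = "any"
    dst: str = "any"
    proto: str = "any"
    dport: str = "any"
    ip_options: frozenset = frozenset()


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: str
    ip_options: frozenset = frozenset()


def _field_ok(rule_val: str, pkt_val: str) -> bool:
    return rule_val == "any" or rule_val == pkt_val


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule listing IP options matches when the packet carries any of them;
    a rule with no options listed does not care about options at all."""
    return (_field_ok(rule.src, pkt.src)
            and _field_ok(rule.dst, pkt.dst)
            and _field_ok(rule.proto, pkt.proto)
            and _field_ok(rule.dport, pkt.dport)
            and (not rule.ip_options or bool(rule.ip_options & pkt.ip_options)))


def first_match(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """First-match semantics; no match falls through to an implicit deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule
    return None


def _concrete(value: str, default: str) -> str:
    return default if value == "any" else value


def review_source_routing(rules: List[Rule]) -> List[str]:
    """For every permit rule, build a packet that satisfies it AND carries a
    source-route option, then ask the whole policy what happens to it.
    Returns the names of permit rules that still let such packets through."""
    flagged = set()
    for rule in rules:
        if rule.action != "permit":
            continue
        for opt in SOURCE_ROUTE:
            probe = Packet(src=_concrete(rule.src, "203.0.113.7"),   # constructed external address
                           dst=_concrete(rule.dst, "10.0.0.5"),
                           proto=_concrete(rule.proto, "tcp"),
                           dport=_concrete(rule.dport, "443"),
                           ip_options=frozenset({opt}))
            hit = first_match(rules, probe)
            if hit is not None and hit.action == "permit":
                flagged.add(rule.name)
    return sorted(flagged)


# Constructed rule sets for the example.
WEAK = [
    Rule("allow-https", "permit", dst="10.0.0.5", proto="tcp", dport="443"),
    Rule("allow-dns", "permit", proto="udp", dport="53"),
    Rule("deny-all", "deny"),
]
DROP_SR = Rule("drop-source-routed", "deny", ip_options=SOURCE_ROUTE)
HARDENED = [DROP_SR] + WEAK                       # deny comes first: effective
MISORDERED = WEAK[:2] + [DROP_SR] + WEAK[2:]      # deny after the permits: shadowed


if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED), ("misordered", MISORDERED)):
        print(f"{label:11s} permits source-routed traffic via: {review_source_routing(policy)}")
```

The misordered set is the case reviewers miss most often: the deny rule exists, so a checklist review passes, but it is shadowed by earlier permits and never fires. On the hosts behind the firewall the equivalent belt-and-braces control is `net.ipv4.conf.all.accept_source_route = 0` on Linux and `no ip source-route` on Cisco IOS, which stop a device from forwarding source-routed packets regardless of the perimeter rule base.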

    What is the BEST way to alleviate security team understaffing while retaining the capability in-house?

    Options are :

    Answer : Establish a virtual security team from competent employees across the company

    When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a third-party service provider, the BEST indicator of compliance would be the:

    Options are :

    Answer : access control matrix.

    An organization has implemented an enterprise resource planning (ERP) system used by 500 employees from various departments. Which of the following access control approaches is MOST appropriate?

    Options are :

    Answer : Role-based
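Two of the answers above belong together: role-based access control is how a 500-user ERP system stays manageable (users get roles, never individual grants), and the access control matrix (users against objects, showing the operations each may perform) is what a reviewer derives from those roles to verify that a provider is honouring the confidentiality level in the SLA. The following is an added example, not code from the original page: a minimal RBAC store with a separation-of-duties constraint, from which the access control matrix is generated. The purchase-to-pay objects, roles and users are constructed for illustration.

```python
"""Role-based access control with a derived access control matrix (added example)."""
from collections import defaultdict
from typing import Dict, List


class RBAC:
    """Permissions are (object, operation) pairs attached to roles; users hold
    roles. A separation-of-duties (SoD) rule names role pairs that no single
    user may hold at the same time."""

    def __init__(self) -> None:
        self.role_perms: Dict[str, set] = defaultdict(set)
        self.user_roles: Dict[str, set] = defaultdict(set)
        self.sod: set = set()

    def grant(self, role: str, obj: str, op: str) -> None:
        self.role_perms[role].add((obj, op))

    def forbid_together(self, role_a: str, role_b: str) -> None:
        self.sod.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        """Refuse the assignment if it would combine two SoD-conflicting roles."""
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.sod:
                raise ValueError(f"SoD violation: {user} holds {held} and may not also hold {role}")
        self.user_roles[user].add(role)

    def permits(self, user: str, obj: str, op: str) -> bool:
        """The runtime check: does any role the user holds carry this permission?"""
        return any((obj, op) in self.role_perms[role]
                   for role in self.user_roles.get(user, ()))

    def access_matrix(self) -> Dict[str, Dict[str, List[str]]]:
        """Users x objects -> sorted operations. This is the access control
        matrix an auditor compares against the confidentiality requirements
        in an SLA: every cell must be justified by a business need."""
        matrix: Dict[str, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
        for user, roles in self.user_roles.items():
            for role in roles:
                for obj, op in self.role_perms[role]:
                    matrix[user][obj].add(op)
        return {user: {obj: sorted(ops) for obj, ops in objs.items()}
                for user, objs in matrix.items()}


def build_demo() -> RBAC:
    """Constructed ERP scenario (assumption: a purchase-to-pay process)."""
    rbac = RBAC()
    rbac.grant("buyer", "purchase_order", "create")
    rbac.grant("buyer", "purchase_order", "read")
    rbac.grant("po_approver", "purchase_order", "approve")
    rbac.grant("po_approver", "purchase_order", "read")
    rbac.grant("ap_clerk", "invoice", "pay")
    # The classic control: whoever raises a purchase order must not approve it.
    rbac.forbid_together("buyer", "po_approver")
    rbac.assign("alice", "buyer")
    rbac.assign("bob", "po_approver")
    rbac.assign("bob", "ap_clerk")
    return rbac


if __name__ == "__main__":
    demo = build_demo()
    for user, objs in sorted(demo.access_matrix().items()):
        print(user, objs)
    try:
        demo.assign("alice", "po_approver")
    except ValueError as exc:
        print("rejected:", exc)
```

Because the matrix is generated from the role definitions rather than maintained by hand, it cannot drift from what the system actually enforces, which is exactly the property that makes it useful as compliance evidence.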

    Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?

    Options are :

    Answer : Awareness training

    What is the MOST cost-effective means of improving security awareness of staff personnel?

    Options are :

    Answer : User education and training

    The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:

    Options are :

    Answer : sustaining the organization's security posture.

    A new port needs to be opened in a perimeter firewall. Which of the following should be the FIRST step before initiating any changes?

    Options are :

    Answer : Prepare an impact assessment report.

    An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?

    Options are :

    Answer : Restrict account access to read only

    Data owners will determine what access and authorizations users will have by:

    Options are :

    Answer : mapping to business needs.

    An information security manager wishing to establish security baselines would:

    Options are :

    Answer : implement the security baselines to establish information security best practices.

    Which of the following is the MAIN objective in contracting with an external company to perform penetration testing?

    Options are :

    Answer : To receive an independent view of security exposures

    What is the BEST way to ensure data protection upon termination of employment?

    Options are :

    Answer : Ensure all logical access is removed

    Which of the following is the BEST indicator that an effective security control is built into an organization?

    Options are :

    Answer : The monthly service level statistics indicate a minimal impact from security issues
