CISM Information Security Program Management Practice Exam Set 1

What is the best way to ensure that users comply with the organization's password complexity requirements?


Options are :

  • Include password construction requirements in the security standards
  • Implement strict sanctions for user noncompliance
  • Enable system-enforced password configuration (Correct)
  • Require each user to acknowledge the password requirements

Answer : Enable system-enforced password configuration
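
The point of the correct answer is that enforcement happens in the system at password-set time, so compliance no longer depends on the user having read or acknowledged the rules. The following is an added example (not part of the exam page) of such a system-side check; the policy values, the username rule and the small denylist are assumptions standing in for an organization's standard and a breached-password corpus.

```python
"""System-enforced password policy check.

Added example for the question above; it is not part of the exam page.
The policy values, the username rule and the small denylist are assumptions
standing in for an organization's standard and a breached-password corpus.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed denylist; a real system would query a large breached-password set.
COMMON_PASSWORDS = {"password", "password1", "welcome1", "qwerty123", "letmein"}

CHARACTER_CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    min_classes: int = 3        # how many of lower/upper/digit/symbol must appear
    max_repeat_run: int = 3     # longest permitted run of one repeated character
    forbid_username: bool = True


def violations(username: str, password: str,
               policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return every rule the candidate password breaks (empty list = compliant)."""
    problems: list[str] = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    present = [name for name, rx in CHARACTER_CLASSES.items() if rx.search(password)]
    if len(present) < policy.min_classes:
        problems.append(f"uses {len(present)} character classes, policy needs {policy.min_classes}")
    # (.)\1{N,} matches N+1 identical characters in a row, i.e. a run longer than max_repeat_run.
    if re.search(r"(.)\1{%d,}" % policy.max_repeat_run, password):
        problems.append(f"contains a run of more than {policy.max_repeat_run} identical characters")
    if policy.forbid_username and username and username.lower() in password.lower():
        problems.append("contains the username")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    return problems


def set_password(username: str, password: str,
                 policy: PasswordPolicy = PasswordPolicy()) -> bool:
    """Password-change hook: the system accepts or rejects; no user acknowledgement is involved."""
    return not violations(username, password, policy)


if __name__ == "__main__":
    for user, pw in [("alice", "Tr0ub4dor&3xyz"), ("bob", "password"), ("carol", "Carol2024!!zz")]:
        print(user, "accepted" if set_password(user, pw) else "rejected:", *violations(user, pw))
```

The same function would sit behind the password-change interface of a directory or operating system (for example as a PAM or identity-provider hook), which is what "system-enforced" means in practice: the other three options still leave acceptance of a weak password to the user.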

What is the best way to ensure that firewall rules and router configuration settings are adequate?


Options are :

  • Daily review of server logs for evidence of hacker activity
  • Periodic review of network configuration
  • Review of intrusion detection system (IDS) logs for evidence of attacks
  • Periodically perform penetration tests (Correct)

Answer : Periodically perform penetration tests

Good information security procedures should:


Options are :

  • define the allowable limits of behavior.
  • describe security baselines for each platform.
  • be updated frequently as new software is released. (Correct)
  • underline the importance of security governance.

Answer : be updated frequently as new software is released.

What is the main drawback of e-mailing password-protected zip files across the Internet? They:


Options are :

  • may be corrupted by the receiving mail server.
  • may be quarantined by mail filters. (Correct)
  • are decrypted by the firewall.
  • all use weak encryption.

Answer : may be quarantined by mail filters.
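
Mail filters quarantine these attachments because the zip headers advertise that the entries are encrypted while the filter cannot inspect the content. The following is an added example (not part of the exam page) of the check such a filter performs: it walks the zip central directory and reads the general-purpose flag of each entry. The attachments are constructed in memory; the "locked" one is a plain zip whose encryption flag bit has been set in its headers (no real cipher is applied), which is enough to exercise the same code path a password-protected archive would.

```python
"""Mail-filter check for password-protected zip attachments.

Added example for the question above, not part of the exam page. The
attachments are constructed in memory; the "locked" one is a plain zip with
the encryption flag bit set in its headers (no real cipher is applied).
"""
from __future__ import annotations

import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"          # end of central directory record
CDH_SIG = b"PK\x01\x02"           # central directory file header
FLAG_ENCRYPTED = 0x0001           # general-purpose bit 0 (ZipCrypto or AES wrapper)
FLAG_STRONG_ENCRYPTION = 0x0040   # general-purpose bit 6 (APPNOTE "strong encryption")


def encrypted_entries(data: bytes) -> list[str]:
    """Walk the central directory and return the names of entries that are encrypted."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a zip archive: no end-of-central-directory record")
    # EOCD after the signature: disk(2) cd_disk(2) entries_here(2) entries_total(2) cd_size(4) cd_offset(4)
    entries_total, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    names: list[str] = []
    pos = cd_offset
    for _ in range(entries_total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        (flags,) = struct.unpack_from("<H", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = bytes(data[pos + 46:pos + 46 + name_len]).decode("utf-8", "replace")
        if flags & (FLAG_ENCRYPTED | FLAG_STRONG_ENCRYPTION):
            names.append(name)
        pos += 46 + name_len + extra_len + comment_len
    return names


def filter_decision(data: bytes) -> str:
    """Filter policy: anything it cannot content-scan is quarantined, not delivered."""
    return "quarantine" if encrypted_entries(data) else "deliver"


def scanner_can_read(data: bytes, name: str) -> bool:
    """What the content scanner experiences: an encrypted entry cannot be opened without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        try:
            zf.read(name)
            return True
        except RuntimeError:   # zipfile: "File ... is encrypted, password required for extraction"
            return False


def make_attachment(files: dict[str, bytes], *, simulate_password: bool = False) -> bytes:
    """Constructed sample. With simulate_password=True, bit 0 of the general-purpose
    flag is set in every central and local header, as a password-protected zip has."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if simulate_password:
        eocd = data.rfind(EOCD_SIG)
        entries_total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
        for _ in range(entries_total):
            name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
            (local_hdr,) = struct.unpack_from("<I", data, pos + 42)
            for off in (pos + 8, local_hdr + 6):       # flags field in central and local header
                (flags,) = struct.unpack_from("<H", data, off)
                struct.pack_into("<H", data, off, flags | FLAG_ENCRYPTED)
            pos += 46 + name_len + extra_len + comment_len
    return bytes(data)


if __name__ == "__main__":
    payload = {"report.pdf": b"%PDF-1.4 constructed sample content\n"}
    for label, att in (("plain", make_attachment(payload)),
                       ("locked", make_attachment(payload, simulate_password=True))):
        print(label, filter_decision(att), "scanner can read:", scanner_can_read(att, "report.pdf"))
```

The decision is made from header metadata alone, so the filter needs no password and no decryption attempt: it simply cannot vouch for the content, and that is why the message is held rather than delivered.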

CISM Information Security Governance Practice Test Set 1

Who is ultimately responsible for ensuring that information is classified and that protective measures are taken?


Options are :

  • Chief information security officer
  • Data custodian
  • Security steering committee (Correct)
  • Data owner

Answer : Security steering committee

Which of the following are the most important individuals to include as members of an information security steering committee?


Options are :

  • Internal audit and corporate legal departments
  • A cross-section of end users and IT professionals
  • IT management and key business process owners (Correct)
  • Direct reports to the CIO

Answer : IT management and key business process owners

Which of the following is a weakness of signature-based intrusion detection?


Options are :

  • Attack profiles can be easily spoofed
  • A higher number of false positives
  • New attack methods will be missed (Correct)
  • Long-running attacks cannot be detected

Answer : New attack methods will be missed

Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?


Options are :

  • Security metrics
  • Standards (Correct)
  • IT governance
  • Guidelines

Answer : Standards

Which of the following is the most important consideration when engaging third-party consultants to conduct an attack and penetration test?


Options are :

  • Request a list of the software to be used
  • Provide clear directions to IT staff
  • Monitor intrusion detection system (IDS) and firewall logs closely
  • Establish clear rules of engagement (Correct)

Answer : Establish clear rules of engagement

What is the most appropriate change management procedure for handling emergency program changes?


Options are :

  • Documentation is completed with approval soon after the change (Correct)
  • Formal documentation does not need to be completed before the change
  • Management approval must be obtained prior to the change
  • The change must follow the same process as any other change

Answer : Documentation is completed with approval soon after the change

CISM Information Security Program Management Practice Exam Set 4

Which of the following documents would be the best reference for determining whether access control mechanisms are appropriate for a critical application?


Options are :

  • User security procedures
  • IT security policy (Correct)
  • Regulatory requirements
  • Business process flow

Answer : IT security policy

Which of the following would best prevent an employee from using a USB drive to copy files from desktop computers?


Options are :

  • Establish strict access controls to sensitive information
  • Conduct frequent awareness training with noncompliance consequences
  • Restrict the available drive allocation on all computers (Correct)
  • Disable the universal serial bus (USB) ports on all computers

Answer : Restrict the available drive allocation on all computers

Documented standards/procedures for the use of cryptography across the enterprise should primarily:


Options are :

  • establish the use of cryptographic solutions.
  • define cryptographic algorithms and key lengths.
  • define the circumstances in which cryptography should be used. (Correct)
  • describe handling procedures for cryptographic keys.

Answer : define the circumstances in which cryptography should be used.

What is the most effective access control method to prevent users from sharing files with unauthorized users?


Options are :

  • Mandatory (Correct)
  • Discretionary
  • Role-based
  • Walled garden

Answer : Mandatory
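
The reason mandatory access control is the answer is structural: under discretionary access control the file owner holds the access list and can grant read rights to anyone, whereas under mandatory access control the decision is made by the system from clearance and classification labels that only an administrator sets, so the owner has nothing to hand out. The following is an added example (not part of the exam page) contrasting the two; the label levels, users and the Bell-LaPadula "no read up" rule used for the MAC decision are constructed for illustration.

```python
"""DAC versus MAC: why only MAC stops an owner from sharing with uncleared users.

Added example for the question above, not part of the exam page. The label
lattice and the users are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed linear classification lattice, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class DacFile:
    owner: str
    readers: set[str] = field(default_factory=set)   # owner-managed access list

    def share(self, by: str, with_user: str) -> bool:
        """The owner may grant read access to anybody, cleared or not."""
        if by != self.owner:
            return False
        self.readers.add(with_user)
        return True

    def can_read(self, user: str) -> bool:
        return user == self.owner or user in self.readers


@dataclass
class MacFile:
    owner: str
    label: str            # classification assigned by the system; the owner cannot edit it

    def share(self, by: str, with_user: str) -> bool:
        """No owner-controlled list exists to add a reader to; sharing is not an available operation."""
        return False

    def can_read(self, user: str, clearance: dict[str, str]) -> bool:
        """Bell-LaPadula simple security property: read only if clearance dominates the label (no read up)."""
        return LEVELS[clearance[user]] >= LEVELS[self.label]


def sharing_outcome(model: str) -> dict[str, bool]:
    """Alice owns a secret file and tries to share it with Mallory, who is cleared only for 'public'."""
    if model not in ("dac", "mac"):
        raise ValueError("model must be 'dac' or 'mac'")
    clearance = {"alice": "secret", "bob": "secret", "mallory": "public"}
    if model == "dac":
        f = DacFile(owner="alice")
        shared = f.share("alice", "mallory")
        return {"shared": shared, "mallory_reads": f.can_read("mallory"), "bob_reads": f.can_read("bob")}
    m = MacFile(owner="alice", label="secret")
    shared = m.share("alice", "mallory")
    return {"shared": shared,
            "mallory_reads": m.can_read("mallory", clearance),
            "bob_reads": m.can_read("bob", clearance)}


if __name__ == "__main__":
    for model in ("dac", "mac"):
        print(model, sharing_outcome(model))
```

Note the second difference the output shows: under MAC, Bob (cleared "secret") can read without anyone granting him access, and Mallory cannot read even though the owner tried to share. Access follows the labels, not the owner's wishes, which is exactly the property the question asks for.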

The primary reason for using metrics to evaluate information security is to:


Options are :

  • justify budgetary expenditures.
  • enable steady improvement. (Correct)
  • identify security weaknesses.
  • raise awareness on security issues.

Answer : enable steady improvement.

Which of the following is the most appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?


Options are :

  • Information security officer
  • Operations manager
  • System analyst
  • System user (Correct)

Answer : System user

CISM Information Risk Management Certification

Good information security standards should:


Options are :

  • be updated frequently as new software is released.
  • address the high-level objectives of the organization.
  • describe the process for communicating violations.
  • define precise and unambiguous allowable limits. (Correct)

Answer : define precise and unambiguous allowable limits.

A critical trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the best recommendation?


Options are :

  • Remove all trading partner access until the situation improves
  • Sign a legal agreement attributing responsibility for any breach to the partner
  • Send periodic reminders advising them of their noncompliance
  • Set up firewall rules restricting network traffic from that location (Correct)

Answer : Set up firewall rules restricting network traffic from that location

Which of the following is the most appropriate method of applying operating system (OS) patches to production application servers?


Options are :

  • Batch patches into frequent server updates
  • Set up servers to automatically download patches
  • Automatically push all patches to the servers
  • Initially load the patches on a test machine (Correct)

Answer : Initially load the patches on a test machine

Which of the following presents the greatest risk to information security?


Options are :

  • Security access logs are reviewed within five business days
  • Security incidents are investigated within five business days (Correct)
  • Critical patches are applied within 24 hours of their release
  • Virus signature file updates are applied to all servers every day

Answer : Security incidents are investigated within five business days

Which of the following is the most important measure of the effectiveness of an information security awareness program?


Options are :

  • A reduced number of security violation reports
  • Quantitative evaluation to ensure user comprehension (Correct)
  • Increased interest in focus groups on security issues
  • An increased number of security violation reports

Answer : Quantitative evaluation to ensure user comprehension

Which of the following is the most immediate consequence of failing to tune a newly installed intrusion detection system (IDS) whose threshold is set to a low value?


Options are :

  • Attack profiles are ignored
  • Active probing is missed
  • The number of false positives increases (Correct)
  • The number of false negatives increases

Answer : The number of false positives increases
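
Two IDS questions on this page (the weakness of signature-based detection, and the effect of an untuned low threshold) are illustrated by the following added example, which is not part of the exam page. It runs a small signature matcher and a threshold-based burst detector over constructed web-server access records: the signature matcher catches the attacks it has patterns for and misses an obfuscated variant of the same SQL injection, and the threshold detector produces a false positive on a legitimate client when the threshold is low and a false negative when it is set too high. The log lines, signatures, thresholds and attack labels are all constructed for the demonstration.

```python
"""Signature-based versus threshold-based IDS behaviour on constructed log lines.

Added example for the two IDS questions on this page, not part of the exam
page; the access records, signatures and thresholds are constructed.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import unquote

# Constructed access records: (source_ip, request_path, http_status, labelled_attack)
LOG = [
    ("10.0.0.5", "/index.html", 200, False),
    ("10.0.0.5", "/images/logo.png", 200, False),
    ("10.0.0.5", "/old-link.html", 404, False),          # stale bookmark
    ("10.0.0.5", "/favicon.ico", 404, False),            # browser noise
    ("10.0.0.9", "/search?q=shoes", 200, False),
    ("10.0.0.9", "/search?q=shoes'%20UNION%20SELECT%20password%20FROM%20users--", 500, True),
    ("10.0.0.9", "/download?file=../../../../etc/passwd", 403, True),
    ("10.0.0.9", "/search?q=x'%20UnIoN/**/SeLeCt%20@@version--", 500, True),   # same SQLi, comment instead of space
] + [
    ("192.0.2.77", "/" + p, 404, True)                   # directory brute-force probes
    for p in ("admin", "phpmyadmin", "wp-login.php", ".env", "backup.zip", "config.php")
]

# Signature set the detector was shipped with.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
    "xss-script-tag": re.compile(r"<script", re.IGNORECASE),
}


def signature_alerts(log=LOG) -> list[tuple[str, str, str]]:
    """(source_ip, raw_path, signature_name) for every record a known signature matches."""
    hits = []
    for ip, path, _status, _label in log:
        decoded = unquote(path)                          # normalise percent-encoding before matching
        for name, rx in SIGNATURES.items():
            if rx.search(decoded):
                hits.append((ip, path, name))
    return hits


def missed_attacks(log=LOG) -> list[str]:
    """Labelled attacks that no signature caught: the signature-based weakness."""
    caught = {path for _ip, path, _name in signature_alerts(log)}
    return [path for _ip, path, _status, label in log if label and path not in caught]


def threshold_alerts(threshold: int, log=LOG) -> set[str]:
    """Anomaly rule: alert on any source with at least `threshold` error responses (status >= 400)."""
    errors = Counter(ip for ip, _path, status, _label in log if status >= 400)
    return {ip for ip, n in errors.items() if n >= threshold}


def evaluate_threshold(threshold: int, log=LOG) -> tuple[set[str], set[str]]:
    """(false_positive_ips, false_negative_ips) against the constructed labels."""
    malicious = {ip for ip, _path, _status, label in log if label}
    alerts = threshold_alerts(threshold, log)
    return alerts - malicious, malicious - alerts


if __name__ == "__main__":
    for hit in signature_alerts():
        print("signature hit:", hit)
    print("missed by signatures:", missed_attacks())
    for t in (2, 3, 5):
        fp, fn = evaluate_threshold(t)
        print(f"threshold={t}: false positives={sorted(fp)} false negatives={sorted(fn)}")
```

The `/**/` comment in the third request from 10.0.0.9 is the same UNION SELECT attack, but the shipped signature only knows the whitespace form, so it goes unreported along with the directory probes from 192.0.2.77: a signature set can only catch what it has already been taught. On the threshold side, a value of 2 flags the legitimate client 10.0.0.5 (two ordinary 404s), a value of 5 lets 10.0.0.9 through, and only the tuned value of 3 separates the two on this sample; tuning is the step the question says was skipped.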

CISM Certified Information Security Manager

Which of the following is the most appropriate method of protecting a password that opens a confidential file?


Options are :

  • Out-of-band channels (Correct)
  • Delivery path tracing
  • Digital signatures
  • Reverse lookup translation

Answer : Out-of-band channels

An information security manager has been asked to develop a change control process. What is the first thing the information security manager should do?


Options are :

  • Establish change control procedures
  • Identify critical systems
  • Meet with stakeholders (Correct)
  • Research best practices

Answer : Meet with stakeholders

Which of the following is the most important item that an information security manager needs to negotiate with an outsourced service provider?


Options are :

  • Encryption between the organization and the service provider
  • A joint risk assessment of the system
  • The right to conduct independent security reviews (Correct)
  • A legally binding data protection agreement

Answer : The right to conduct independent security reviews

Which of the following is the most important consideration when evaluating the potential for security compromise of a new wireless network?


Options are :

  • Level of encryption
  • Bandwidth
  • Signal strength
  • Number of administrators (Correct)

Answer : Number of administrators

Security audit reviews should primarily:


Options are :

  • ensure that controls are cost-effective.
  • focus on preventive controls.
  • ensure that controls are technologically current.
  • ensure that controls operate as required. (Correct)

Answer : ensure that controls operate as required.

A critical device is delivered with a single user name and password that must be shared for multiple users to access the device. An information security manager has been tasked with ensuring that all access to the device is authorized. Which of the following would be the most effective way to accomplish this?


Options are :

  • Analyze the logs to detect unauthorized access
  • Request the vendor to add multiple user accounts
  • Implement manual procedures that require the password to be reset after each use
  • Enable access through a separate device that requires adequate authentication (Correct)

Answer : Enable access through a separate device that requires adequate authentication

CISM Information Security Governance Certification Test

The primary focus of the change management process is to ensure that changes are:


Options are :

  • applied.
  • authorized. (Correct)
  • documented.
  • tested.

Answer : authorized.

Data owners are generally responsible for which of the following?


Options are :

  • Migrating application code changes to production
  • Determining the level of application security required (Correct)
  • Applying emergency changes to application data
  • Administering security over database records

Answer : Determining the level of application security required
