CISM Information Security Program Management Practice Exam Set 3

Of the following, the best way to ensure that temporary workers do not receive excessive access rights is:


Options are :

  • None
  • lattice-based access control.
  • role-based access control. (Correct)
  • mandatory access control.
  • discretionary access control.

Answer : role-based access control.

Non-repudiation can best be ensured by using:


Options are :

  • None
  • delivery path tracing.
  • out-of-band channels.
  • digital signatures. (Correct)
  • reverse lookup translation.

Answer : digital signatures.

Which of the following is the most important management sign-off for moving the order processing system from the test environment to the production environment?


Options are :

  • database
  • functions
  • None
  • user (Correct)
  • security

Answer : user

To help ensure that contract staff do not gain unauthorized access to sensitive data, the information security manager should, as a priority:


Options are :

  • set their accounts to expire in six months or less.
  • make sure that they pass background checks.
  • prevent the issuance of system administration roles. (Correct)
  • None
  • make sure they have been approved by the data owner.

Answer : prevent the issuance of system administration roles.

CISM Information Security Program Management Practice Exam Set 4

What is the best way to ensure that an intruder who successfully penetrates the network is detected before significant damage is inflicted?


Options are :

  • None
  • Perform periodic penetration testing
  • Implement vendor default settings
  • Establish minimum security baselines
  • Install a honeypot on the network (Correct)

Answer : Install a honeypot on the network

What is the best way to ensure that all security updates applied to servers are properly documented?


Options are :

  • Trace OS patch upgrade logs to the OS vendor's guides
  • Review the mitigation documentation for key servers
  • Trace OS patch logs to change management requests (Correct)
  • None
  • Trace change control requests to the operating system (OS) patch logs

Answer : Trace OS patch logs to change management requests

Successful social engineering attacks can best be prevented by:


Options are :

  • effective termination procedures.
  • None
  • preemployment screening.
  • close monitoring of user access patterns.
  • periodic education. (Correct)

Answer : periodic education.

Which of the following is likely to increase the difficulty of completely eradicating malicious code that cannot be immediately identified?


Options are :

  • Hardware upgrades
  • File location
  • None
  • Changing access rules
  • Backup files (Correct)

Answer : Backup files

Which of the following areas is most sensitive to the introduction of security weaknesses?


Options are :

  • configuration management (Correct)
  • tape backup management
  • incident response management
  • database management
  • None

Answer : configuration management

What is the best way to ensure that contract programmers adhere to the organization's information security policy?


Options are :

  • Explicitly reference security requirements in contractor agreements
  • Perform periodic security checks of contractors (Correct)
  • None
  • Provide contractors with a written security policy
  • Create penalties for noncompliance in the contract agreement

Answer : Perform periodic security checks of contractors

Information security policies should:


Options are :

  • None
  • address the process for communicating a violation.
  • be customized to specific groups and roles.
  • be simple and easy to understand. (Correct)
  • address vulnerabilities in the corporate network.

Answer : be simple and easy to understand.

Which of the following best ensures that management takes ownership of the security decision-making process?


Options are :

  • Security policies and procedures
  • Annual management self-assessment
  • Security awareness campaigns
  • Security steering committee (Correct)
  • None

Answer : Security steering committee

Before a third party performs an attack and penetration test against an organization, the most important thing is to ensure that:


Options are :

  • technical staff have been informed of what to expect.
  • special backups of production servers are made.
  • the third party provides a demonstration on a test system.
  • None
  • goals and objectives are clearly defined. (Correct)

Answer : goals and objectives are clearly defined.

The return on investment in information security can best be assessed through which of the following?


Options are :

  • security metrics
  • support of business goals (Correct)
  • process improvement models
  • None
  • security performance

Answer : support of business goals

Which of the following is most important to successful security management practices?


Options are :

  • management support (Correct)
  • None
  • security metrics
  • security baselines
  • continuing education

Answer : management support

Which of the following is the greatest exposure to an internal network attack?


Options are :

  • All network traffic passes through a single switch
  • None
  • User passwords are encoded but not encrypted (Correct)
  • User passwords are automatically expired
  • All users are located on one internal subnet

Answer : User passwords are encoded but not encrypted

CISM Information Risk Management Certification

Information security policy should be aligned most closely with:


Options are :

  • generally accepted standards.
  • local laws and regulations.
  • None
  • industry best practices.
  • organizational needs. (Correct)

Answer : organizational needs.

Which of the following is the best way to ensure that the enterprise network is adequately protected from external attack?


Options are :

  • None
  • Establish minimum security baselines.
  • Perform periodic penetration testing. (Correct)
  • Implement vendor-recommended settings.
  • Use an intrusion detection system.

Answer : Perform periodic penetration testing.

Which of the following environments represents the greatest risk to the organization's security?


Options are :

  • Centrally managed data switch
  • Enterprise data warehouse
  • None
  • Load-balanced web server cluster
  • Locally managed file server (Correct)

Answer : Locally managed file server

When a departmental system remains out of compliance with the password strength requirements of the security policy, the best action is to:


Options are :

  • conduct an impact analysis to quantify the risks. (Correct)
  • None
  • submit the issue to the executive committee.
  • request risk acceptance from senior management.
  • isolate the system from the rest of the network.

Answer : conduct an impact analysis to quantify the risks.

Which of the following presents the greatest threat to the security of an enterprise resource planning (ERP) system?


Options are :

  • Network traffic passes through a single switch
  • User ad hoc reporting is not logged
  • Default security settings for the ERP database
  • None
  • Operating system (OS) security patches have not been applied (Correct)

Answer : Operating system (OS) security patches have not been applied

Security awareness training should be provided to new employees:


Options are :

  • during system user training.
  • None
  • along with the personnel department.
  • on an as-needed basis.
  • before they have access to the data. (Correct)

Answer : before they have access to the data.

CISM Information Security Governance Practice Test Set 1

The primary objective of security awareness is to:


Options are :

  • None
  • ensure compliance with laws and regulations.
  • ensure that security policies are understood.
  • influence employees' behavior. (Correct)
  • communicate the consequences of noncompliance.

Answer : influence employees' behavior.

A security awareness program should:


Options are :

  • address specific groups and roles. (Correct)
  • present top management's point of view.
  • address specific exploits.
  • None
  • promote security department procedures.

Answer : address specific groups and roles.

Which of the following is the most appropriate individual to implement and maintain the level of security needed for a specific business application?


Options are :

  • quality control manager
  • None
  • process owner (Correct)
  • chief information security officer
  • systems analyst

Answer : process owner

Which of the following is the best protection against harmful activities by former employees?


Options are :

  • Periodic education
  • Close monitoring of users
  • Preemployment screening
  • Effective termination procedures (Correct)
  • None

Answer : Effective termination procedures

In a social engineering scenario, which of the following is most likely to reduce the likelihood of unauthorized access to an individual's computer resources?


Options are :

  • Increasing the frequency of password changes
  • Requiring that passwords be kept strictly confidential
  • Carry out periodic security awareness programs (Correct)
  • Implementing on-screen masking of passwords
  • None

Answer : Carry out periodic security awareness programs

Which of the following represents the primary area of focus when performing a penetration test?


Options are :

  • data mining
  • network mapping (Correct)
  • intrusion detection system (IDS)
  • None
  • customer information

Answer : network mapping

CISM Incident Management and Response Practice Exam

The best way to determine whether an anomaly-based intrusion detection system (IDS) is properly installed is to:


Options are :

  • None
  • use a honeypot to check for unusual activity.
  • benchmark the IDS against a peer site.
  • check the configuration of the IDS.
  • simulate an attack and review the performance of the IDS. (Correct)

Answer : simulate an attack and review the performance of the IDS.

The best time to perform a penetration test is after:


Options are :

  • a high turnover of systems staff.
  • None
  • an audit has reported weaknesses in security controls.
  • various changes in infrastructure are made. (Correct)
  • an attempted intrusion has occurred.

Answer : various changes in infrastructure are made.
