CISM Information Security Program Management Practice Exam Set 4

Which of the following is the first phase of a project in which security should be addressed?

Options are :

  • Feasibility (Correct)
  • None
  • Implementation
  • Design
  • Application security testing

Answer : Feasibility

When an emergency security patch is received via electronic mail, the patch should first be:

Options are :

  • None
  • validated to ensure its authenticity. (Correct)
  • loaded onto an isolated test machine.
  • copied onto write-once media to prevent tampering.
  • decompiled to check for malicious code.

Answer : validated to ensure its authenticity.

The advantage of using the full-knowledge (white box) approach over the blind (black box) approach to penetration testing is that:

Options are :

  • None
  • human intervention is not required for such a test.
  • it simulates the real-life situation of an external security attack.
  • less time is spent on intelligence and information gathering. (Correct)
  • critical infrastructure information is not revealed to the tester.

Answer : less time is spent on intelligence and information gathering.

Which of the following is the best approach to mitigate online brute-force attacks on user accounts?

Options are :

  • Implementation of an account lockout policy (Correct)
  • Passwords stored in encrypted form
  • Strong passwords changed periodically
  • None
  • User awareness

Answer : Implementation of an account lockout policy

CISM Information Security Program Management Practice Exam Set 3

Which of the following metrics would be most useful in measuring how well information security is monitoring violation logs?

Options are :

  • Violation log reports produced
  • Penetration attempts investigated (Correct)
  • None
  • Violation log entries
  • Frequency of corrective actions

Answer : Penetration attempts investigated

What is the most cost-effective way to identify new vendor vulnerabilities?

Options are :

  • Honeypots located in the DMZ
  • Intrusion prevention software
  • Periodic vulnerability assessments performed by consultants
  • External vulnerability reporting sources (Correct)
  • None

Answer : External vulnerability reporting sources

The root cause of a successful cross-site request forgery (XSRF) attack against an application is that the vulnerable application:

Options are :

  • was installed with a non-legitimate license key.
  • accepted cookies as the sole authentication mechanism. (Correct)
  • is hosted on a server along with other applications.
  • uses multiple redirects for completing a data commit transaction.
  • None

Answer : accepted cookies as the sole authentication mechanism.

An organization that has outsourced its payroll processing performs an independent assessment of the third party's security controls, as required by policy. Which of the following is the most useful requirement to include in the contract?

Options are :

  • Dedicated security manager for monitoring
  • Right to inspect (Correct)
  • Confidentiality agreement
  • None
  • Proper firewall implementation

Answer : Right to inspect

The best way to ensure that the security settings on each platform comply with information security policies and procedures is:

Options are :

  • to perform penetration testing.
  • to implement vendor default settings.
  • to link policies to an independent standard.
  • to create security baselines. (Correct)
  • None

Answer : to create security baselines.

Which of the following is the best way to reduce the incidence of employees forwarding spam and chain e-mails?

Options are :

  • None
  • Disciplinary action
  • Setting a low mailbox size limit
  • Acceptable use policy
  • User education (Correct)

Answer : User education

CISM Information Security Program Management Practice Exam Set 5

Which of the following is most critical to ensure the continued security of outsourced IT services?

Options are :

  • Security as part of the service agreement
  • Security education and training for the third-party service provider's employees
  • Requiring the third-party service provider to comply with the organization's security policy
  • Regular security checks of the third-party service provider (Correct)
  • None

Answer : Regular security checks of the third-party service provider

A web-based business application is being moved from test to production. Which of the following is the most important management sign-off for this migration?

Options are :

  • Network
  • None
  • User (Correct)
  • Functions
  • Database

Answer : User

Simple Network Management Protocol v2 (SNMP v2) is often used to monitor networks. Which of the following vulnerabilities does it always present?

Options are :

  • None
  • Remote buffer overflow
  • Clear text authentication (Correct)
  • Man-in-the-middle attack
  • Cross site scripting

Answer : Clear text authentication

An organization enters into an agreement with a new business partner to conduct customer mailings. What is the most important action for the information security manager to take?

Options are :

  • A due diligence security review of the business partner's privacy practices
  • None
  • Ensuring that the third party is contractually obligated to all relevant security requirements (Correct)
  • Ensuring that the business partner has an effective business continuity program
  • Talking to other customers of the business partner to check references for performance

Answer : Ensuring that the third party is contractually obligated to all relevant security requirements

The best way to ensure that security policies are followed is to:

Options are :

  • set up an anonymous hotline to report policy abuse.
  • include escalating penalties for non-compliance.
  • distribute printed copies to all employees.
  • perform periodic compliance reviews. (Correct)
  • None

Answer : perform periodic compliance reviews.

Which of the following is the most appropriate way to ensure password strength in a large organization?

Options are :

  • Installing code to capture passwords for periodic review
  • Sampling some users and asking for their passwords for review
  • None
  • Reviewing the standard security settings on each platform (Correct)
  • Attempting to reset multiple passwords to weaker values

Answer : Reviewing the standard security settings on each platform

CISM Incident Management Response Certified Practice Exam Set 1

The advantage of sending messages using steganographic techniques, as opposed to encryption, is that:

Options are :

  • data reliability in transit is higher.
  • the existence of the messages is unknown. (Correct)
  • traffic cannot be sniffed.
  • None
  • the required key sizes are smaller.

Answer : the existence of the messages is unknown.

Which of the following BEST ensures that security risks are reassessed when changes are made during application development?

Options are :

  • The problem management process
  • None
  • Background screening
  • The change control process (Correct)
  • Business impact analysis (BIA)

Answer : The change control process

In a well-controlled environment, which of the following is most likely to lead to the introduction of weaknesses in security software?

Options are :

  • Backing up files
  • None
  • Upgrading hardware
  • Changing the access rules (Correct)
  • File location

Answer : Changing the access rules

Which of the following is most likely to reduce the chances of an unauthorized individual gaining access to computing resources by pretending to be an authorized individual who needs to have his or her password reset?

Options are :

  • None
  • Performing reviews of password resets
  • Implementing automated password syntax checking
  • Conducting security awareness programs (Correct)
  • Increasing the frequency of password changes

Answer : Conducting security awareness programs

Which of the following is the best way to measure and prioritize the aggregate risk associated with vulnerabilities?

Options are :

  • Vulnerability scans
  • None
  • Security audits
  • Code reviews
  • Penetration tests (Correct)

Answer : Penetration tests

Which of the following would increase the security awareness of the organization's employees?

Options are :

  • Constantly reinforcing security (Correct)
  • None
  • Encouraging employees to behave in a security-conscious way
  • Distributing statistics on security incidents
  • Monitoring the number of events

Answer : Constantly reinforcing security

CISM Information Security Program Management

In which of the following system development life cycle (SDLC) phases are access controls and encryption algorithms selected?

Options are :

  • The system's design specifications (Correct)
  • Architectural design
  • None
  • Software development
  • Procedural design

Answer : The system's design specifications

Retention of business records should be based primarily on:

Options are :

  • None
  • regulatory and legal requirements. (Correct)
  • periodic vulnerability assessment.
  • storage capacity and longevity of the device.
  • past disputes.

Answer : regulatory and legal requirements.

Which of the following measures is the most effective deterrent against disgruntled staff abusing their privileges?

Options are :

  • High-availability systems
  • Multi-layered security strategy
  • A signed acceptable use policy (Correct)
  • None
  • System audit log monitoring

Answer : A signed acceptable use policy

Which of the following is the best indication that a security awareness training program has been effective?

Options are :

  • More incidents are reported (Correct)
  • Most employees have completed the training
  • None
  • No incidents have been reported in three months
  • Employees sign to acknowledge the security policy

Answer : More incidents are reported

The most appropriate individual to determine the level of security needed for a specific business application is:

Options are :

  • the developer.
  • the information security manager.
  • None
  • the executive team.
  • the owner of the system data. (Correct)

Answer : the owner of the system data.

An effective way to protect applications against Structured Query Language (SQL) injection vulnerabilities is to:

Options are :

  • harden the database listener component.
  • validate and sanitize client-side inputs. (Correct)
  • None
  • normalize the database schema to third normal form.
  • ensure that operating systems are updated with security patches.

Answer : validate and sanitize client-side inputs.

CISM Information Security Governance Practice Test Set 2

Which of the following is generally regarded as an integral part of a security program?

Options are :

  • Automated access provisioning
  • None
  • Role-based access control systems
  • Intrusion prevention systems (IPSs)
  • Security awareness training (Correct)

Answer : Security awareness training

There is reason to believe that a recently modified web application has allowed unauthorized access. What is the best way to identify a back door in the application?

Options are :

  • Vulnerability scanning
  • Security audit
  • None
  • Black box penetration test
  • Source code review (Correct)

Answer : Source code review
