CISM Information Security Program Management Practice Exam Set 5

Which of the following is the BEST approach to improving information security management processes?

Options are :

  • Conduct periodic penetration testing.
  • Define and monitor security metrics. (Correct)
  • Survey the business units for feedback.
  • Conduct periodic security audits.

Answer : Define and monitor security metrics.

The operations staff of an organization place payment files in a shared network folder, and the payment processing staff retrieve the files from that folder. This manual process will be automated some months from now; in the meantime, cost-effective controls are sought to protect the files against unauthorized changes. Which of the following would be the BEST solution?

Options are :

  • Have the shared folder operators sign an agreement pledging not to commit fraudulent activities
  • Design a training program for the staff involved to raise their information security awareness
  • Develop a macro program on end-user PCs to compare the contents of the sender's and the recipient's files
  • Set role-based permissions on the shared folder (Correct)

Answer : Set role-based permissions on the shared folder

Which of the following change management activities would be a clear indicator that normal operational procedures require examination? A high percentage of:

Options are :

  • similar change requests.
  • emergency change requests. (Correct)
  • change request postponements.
  • canceled change requests.

Answer : emergency change requests.

As an organization grows, exceptions to information security policies that were not originally specified may become necessary at a later date. In order to ensure effective management of business risks, exceptions to such policies should be:

Options are :

  • approved by the next higher person in the organizational structure.
  • formally managed within the information security framework. (Correct)
  • reviewed and approved by the security manager.
  • considered at the discretion of the information owner.

Answer : formally managed within the information security framework.


Which of the following is MOST likely to change an organization's culture to one that is more security conscious?

Options are :

  • Periodic audits
  • Security steering committees
  • Security awareness campaigns (Correct)
  • Adequate security policies and procedures

Answer : Security awareness campaigns

The BEST way to ensure that an external service provider complies with the organization's security policies is to:

Options are :

  • Obtain a written acknowledgment stating that the provider has read all of the policies.
  • Perform periodic reviews of the service provider. (Correct)
  • Cross-reference the policies in the service level agreement (SLA).
  • Explicitly include the service provider in the security policies.

Answer : Perform periodic reviews of the service provider.

How would an organization know whether its new information security program is accomplishing its goals?

Options are :

  • Employees are receptive to the changes that were implemented.
  • Senior management has approved the program and is supportive of it.
  • Key metrics indicate a reduction in incident impacts. (Correct)
  • There is an immediate reduction in reported incidents.

Answer : Key metrics indicate a reduction in incident impacts.

Which of the following would be the MOST significant security risk for a pharmaceutical company?

Options are :

  • Unavailability of online transactions
  • Theft of a research and development laptop (Correct)
  • Compromised customer information
  • Theft of security tokens

Answer : Theft of a research and development laptop

When security policies are strictly enforced, the initial impact is that:

Options are :

  • the total cost of security is increased. (Correct)
  • the need for compliance is reduced.
  • they will be less subject to challenge.
  • they may have to be modified more frequently.

Answer : the total cost of security is increased.

An information security manager reviewed the access control lists and observed that privileged access had been granted to an entire department. Which of the following should the information security manager do FIRST?

Options are :

  • Establish procedures for granting emergency access
  • Redefine and implement proper access rights
  • Meet with the data owners to understand the business needs (Correct)
  • Review the procedures for granting access

Answer : Meet with the data owners to understand the business needs

Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center?

Options are :

  • Mantrap
  • Closed-circuit television (CCTV)
  • Security guard
  • Biometric lock (Correct)

Answer : Biometric lock


What is the GREATEST risk when there is an excessive number of firewall rules?

Options are :

  • Performance degradation of the whole network
  • One rule may override another rule in the chain and create a loophole (Correct)
  • The firewall may show abnormal behavior and may crash or shut down automatically
  • The firewall may not support the increasing number of rules due to its limitations

Answer : One rule may override another rule in the chain and create a loophole
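The loophole in the correct answer is rule shadowing: on a first-match firewall, a broad rule placed early in the chain silently swallows every more specific rule after it, so a later deny never fires. The script below is an added example (not part of the original exam page) that models a first-match rule list and reports both kinds of shadowing: a specific deny hidden behind a broad allow (a loophole) and a rule that can never match (dead). The rule format, the `RULES` list and the simulated packets are constructed for illustration.

```python
"""Detect shadowed rules in a first-match firewall rule list.

Added example for the "excessive firewall rules" question; the rule format and
the sample rule set are constructed and do not come from any real firewall.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dports: Tuple[int, int]   # inclusive destination port range


def rule(name, action, proto, src, dst, lo, hi=None) -> Rule:
    """Convenience constructor: a single port when hi is omitted."""
    return Rule(name, action, proto, ip_network(src), ip_network(dst),
                (lo, lo if hi is None else hi))


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matched by `later` is also matched by `earlier`.

    If so, `later` is unreachable on a first-match firewall.
    """
    proto_ok = earlier.proto == "any" or earlier.proto == later.proto
    src_ok = later.src.subnet_of(earlier.src)
    dst_ok = later.dst.subnet_of(earlier.dst)
    port_ok = (earlier.dports[0] <= later.dports[0]
               and later.dports[1] <= earlier.dports[1])
    return proto_ok and src_ok and dst_ok and port_ok


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (shadowed rule, shadowing rule, severity) for each hidden rule."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # A broad allow hiding a specific deny is the dangerous case.
                if earlier.action == "allow" and later.action == "deny":
                    severity = "loophole"
                else:
                    severity = "dead rule"
                findings.append((later.name, earlier.name, severity))
                break   # report only the first rule that hides it
    return findings


def decide(rules: List[Rule], proto: str, src: str, dst: str,
           port: int) -> Tuple[Optional[str], str]:
    """Simulate first-match evaluation; implicit default deny at the end."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (r.proto in ("any", proto) and s in r.src and d in r.dst
                and r.dports[0] <= port <= r.dports[1]):
            return r.name, r.action
    return None, "deny"


# Constructed rule set: a "temporary" wide-open rule was added at the top
# months ago and never removed, and DNS rules were duplicated over time.
RULES = [
    rule("temp-allow-all", "allow", "tcp", "10.0.0.0/8", "192.168.10.0/24", 1, 65535),
    rule("deny-ssh-from-segment", "deny", "tcp", "10.0.5.0/24", "192.168.10.5/32", 22),
    rule("dns-any", "allow", "udp", "0.0.0.0/0", "192.168.10.53/32", 53),
    rule("dns-from-corp", "allow", "udp", "10.0.0.0/8", "192.168.10.53/32", 53),
    rule("default-deny", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", 1, 65535),
]

if __name__ == "__main__":
    for shadowed, by, severity in find_shadowed(RULES):
        print(f"{severity:9s} {shadowed} is hidden behind {by}")
    print("SSH 10.0.5.7 -> 192.168.10.5:22 decided by",
          decide(RULES, "tcp", "10.0.5.7", "192.168.10.5", 22))
```

Running it shows the concrete consequence: SSH from 10.0.5.7 to 192.168.10.5 is allowed by `temp-allow-all`, even though `deny-ssh-from-segment` was written precisely to block it. A practitioner reviewing a large rule base would run a check like this after every change, and treat any "loophole" finding as a blocking defect rather than a cleanup item.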

To ensure that all information security procedures are functional and accurate, they should be designed with the involvement of:

Options are :

  • end users.
  • operational units. (Correct)
  • legal counsel.
  • audit management.

Answer : operational units.

Which of the following events generally has the HIGHEST information security impact?

Options are :

  • Merging with another organization (Correct)
  • Rewiring the network
  • Opening a new office
  • Relocating the data center

Answer : Merging with another organization

In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

Options are :

  • certification of validity for deployment.
  • testing time window prior to deployment. (Correct)
  • technical skills of the team responsible.
  • automated deployment to all servers.

Answer : testing time window prior to deployment.

Change management procedures to ensure that disaster recovery/business continuity plans are kept up to date can be BEST achieved through which of the following?

Options are :

  • Inclusion as a required step in the system life cycle process (Correct)
  • Periodic audits of the disaster recovery/business continuity plans
  • Comprehensive walk-through testing
  • Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans

Answer : Inclusion as a required step in the system life cycle process

A business partner of a factory has remote read-only access to the material inventory in order to forecast future purchase orders. An information security manager should PRIMARILY ensure that there is:

Options are :

  • a service level agreement (SLA) that includes code escrow.
  • a third-party certification.
  • a business impact analysis (BIA).
  • effective control over connectivity and continuity. (Correct)

Answer : effective control over connectivity and continuity.


What is the MOST important success factor for a company launching a security awareness program?

Options are :

  • A top-down approach (Correct)
  • Centralized program management
  • The experience of the awareness trainers
  • An adequate budget

Answer : A top-down approach

Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

Options are :

  • Balanced scorecard
  • Capability maturity model (CMM) (Correct)
  • Systems and business security architecture
  • Security audit reports

Answer : Capability maturity model (CMM)

Which of the following should be in place before a black box penetration test begins?

Options are :

  • An incident response plan
  • A clearly stated definition of scope (Correct)
  • IT management approval
  • Proper communication and awareness training

Answer : A clearly stated definition of scope

What is the GREATEST advantage of documented guidelines and operating procedures from a security perspective?

Options are :

  • They ensure compliance with security standards and regulatory requirements
  • They ensure consistency of activities and thus a more stable environment (Correct)
  • They provide detailed instructions on how to carry out different types of tasks
  • They ensure reusability to meet compliance with quality requirements

Answer : They ensure consistency of activities and thus a more stable environment

Managing the life cycle of a digital certificate is the role of a(n):

Options are :

  • system developer.
  • system administrator.
  • independent trusted source. (Correct)
  • security administrator.

Answer : independent trusted source.

To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

Options are :

  • Spam filtering services
  • Service level agreements (SLAs) (Correct)
  • A right-to-audit clause
  • Intrusion detection system (IDS) services

Answer : Service level agreements (SLAs)

Which resource is the MOST effective in preventing physical access tailgating/piggybacking?

Options are :

  • Biometric scanners
  • Card key door locks
  • Awareness training (Correct)
  • Photo identification

Answer : Awareness training

The information security program should focus on:

Options are :

  • best practices also in place at peer companies.
  • continued process improvement.
  • solutions codified in international standards.
  • key controls identified in risk assessments. (Correct)

Answer : key controls identified in risk assessments.

A configuration management plan should be based primarily on input from:

Options are :

  • the chief information security officer (CISO).
  • business process owners.
  • the security management team.
  • IT management. (Correct)

Answer : IT management.

Which of the following is the BEST way to maintain the currency and coverage of the organization's security program?

Options are :

  • Program management control mechanisms (Correct)
  • Training and certification of the information security team
  • Security periodicals and manuals
  • Security architecture and design

Answer : Program management control mechanisms

When a newly developed key business application is moved into production, the PRIMARY reason to update the relevant business impact analysis (BIA) and business continuity/disaster recovery plans is that:

Options are :

  • software licenses may expire in the future without warning.
  • it is a requirement of the security policy.
  • service level agreements (SLAs) may not otherwise be met. (Correct)
  • the asset inventory must be maintained.

Answer : service level agreements (SLAs) may not otherwise be met.

In business-critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:

Options are :

  • implement role-based access control in the application. (Correct)
  • enforce manual procedures ensuring separation of conflicting duties.
  • create service accounts that can only be used by authorized team members.
  • ensure that access to individual functions can be granted to individual users only.

Answer : implement role-based access control in the application.
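Two questions on this page hinge on the same control: role-based permissions on the payment-file shared folder (the operations staff scenario earlier) and role-based access control as the way to enforce segregation of duties in a privileged application. The example below is added here and is not part of the original exam page; it shows what "role-based" buys you over per-user grants: permissions attach to roles, users get roles, and mutually exclusive role pairs are declared once and enforced at assignment time. The roles (`ops_preparer`, `payment_processor`, `payment_approver`), the resource name `payments_share`, and the users are constructed for illustration.

```python
"""Role-based access control with segregation-of-duties (SoD) enforcement.

Added example for the shared-folder payment-file question and the SoD question
on this page. The role names, resource and users are constructed; this is a
self-contained model, not the API of any real product.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]   # (resource, action)


class SoDViolation(Exception):
    """Raised when a user would hold two roles declared mutually exclusive."""


class Rbac:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = defaultdict(set)
        self.user_roles: Dict[str, Set[str]] = defaultdict(set)
        self.conflicts: Set[FrozenSet[str]] = set()

    def grant(self, role: str, resource: str, action: str) -> None:
        """Attach a permission to a role (never directly to a user)."""
        self.role_perms[role].add((resource, action))

    def forbid_together(self, role_a: str, role_b: str) -> None:
        """Declare two roles mutually exclusive for any single user."""
        self.conflicts.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        """Give a user a role, refusing any assignment that breaks SoD."""
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.conflicts:
                raise SoDViolation(f"{user} holds {held}; cannot also hold {role}")
        self.user_roles[user].add(role)

    def allowed(self, user: str, resource: str, action: str) -> bool:
        """Access decision: any role held by the user carrying the permission."""
        return any((resource, action) in self.role_perms[r]
                   for r in self.user_roles[user])

    def who_can(self, resource: str, action: str) -> Set[str]:
        """Review helper: every user able to perform `action` on `resource`."""
        return {u for u in self.user_roles if self.allowed(u, resource, action)}


def try_assign(rbac: Rbac, user: str, role: str) -> bool:
    """Return True if the assignment was accepted, False if SoD blocked it."""
    try:
        rbac.assign(user, role)
        return True
    except SoDViolation:
        return False


def payment_model() -> Rbac:
    """Constructed model of the payment-file workflow on the shared folder."""
    r = Rbac()
    # Operations drop files; processing reads them; approval releases them.
    r.grant("ops_preparer", "payments_share", "create")
    r.grant("payment_processor", "payments_share", "read")
    r.grant("payment_approver", "payments_share", "read")
    r.grant("payment_approver", "payments_share", "release")
    # No role carries "modify": a dropped file cannot be altered by anyone.
    # Preparing a payment must never be combined with processing or approving it.
    r.forbid_together("ops_preparer", "payment_processor")
    r.forbid_together("ops_preparer", "payment_approver")
    r.assign("alice", "ops_preparer")
    r.assign("bob", "payment_processor")
    r.assign("carol", "payment_approver")
    return r


if __name__ == "__main__":
    m = payment_model()
    print("alice may create:", m.allowed("alice", "payments_share", "create"))
    print("bob may create:", m.allowed("bob", "payments_share", "create"))
    print("anyone may modify:", m.who_can("payments_share", "modify"))
    print("alice as approver accepted:", try_assign(m, "alice", "payment_approver"))
```

The design point is that the SoD rule lives in one place and is checked wherever roles are assigned, so a review like the access-control-list review described earlier reduces to two questions the model answers directly: who can perform a sensitive action (`who_can`), and whether any user holds a forbidden role combination. Granting access per user instead, as the "individual functions to individual users" option suggests, leaves that check to be repeated by hand on every grant.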


Who should determine the appropriate classification of accounting ledger data located on a database server that is maintained by a database administrator in the IT department?

Options are :

  • Chief information security officer (CISO)
  • Database administrator (DBA)
  • Finance department management (Correct)
  • IT department management

Answer : Finance department management
