CISM Certified Information Security Manager

What is the BEST way to ensure that an intruder who successfully penetrates a network will be
detected before significant damage is inflicted?

Options are :

  • Establish minimum security baselines
  • Perform periodic penetration testing
  • Install a honeypot on the network (Correct)
  • Implement vendor default settings

Answer : Install a honeypot on the network

Which of the following presents the GREATEST exposure to internal attack on a network?

Options are :

  • User passwords are not automatically expired
  • User passwords are encoded but not encrypted (Correct)
  • All users reside on a single internal subnet
  • All network traffic goes through a single switch

Answer : User passwords are encoded but not encrypted

What is the BEST way to ensure users comply with organizational security requirements for
password complexity? 

Options are :

  • Implement strict penalties for user noncompliance
  • Enable system-enforced password configuration (Correct)
  • Require each user to acknowledge the password requirements
  • Include password construction requirements in the security standards

Answer : Enable system-enforced password configuration

Information security policies should:

Options are :

  • address corporate network vulnerabilities.
  • be straightforward and easy to understand. (Correct)
  • be customized to specific groups and roles.
  • address the process for communicating a violation.

Answer : be straightforward and easy to understand.

Prior to having a third party perform an attack and penetration test against an organization, the
MOST important action is to ensure that: 

Options are :

  • the technical staff has been briefed on what to expect.
  • the third party provides a demonstration on a test system.
  • goals and objectives are clearly defined. (Correct)
  • special backups of production servers are taken.

Answer : goals and objectives are clearly defined.

What is the BEST method to confirm that all firewall rules and router configuration settings are
adequate?

Options are :

  • Daily review of server logs for evidence of hacker activity
  • Periodically perform penetration tests (Correct)
  • Review intrusion detection system (IDS) logs for evidence of attacks
  • Periodic review of network configuration

Answer : Periodically perform penetration tests

Which of the following will BEST protect against malicious activity by a former employee?

Options are :

  • Effective termination procedures (Correct)
  • Periodic awareness training
  • Close monitoring of users
  • Preemployment screening

Answer : Effective termination procedures

When a departmental system continues to be out of compliance with an information security
policy's password strength requirements, the BEST action to undertake is to: 

Options are :

  • submit the issue to the steering committee.
  • request a risk acceptance from senior management.
  • isolate the system from the rest of the network.
  • conduct an impact analysis to quantify the risks (Correct)

Answer : conduct an impact analysis to quantify the risks

What is the BEST method to verify that all security patches applied to servers were properly
documented?

Options are :

  • Trace OS patch logs to OS vendor's update documentation
  • Trace OS patch logs to change control requests (Correct)
  • Trace change control requests to operating system (OS) patch logs
  • Review change control documentation for key servers

Answer : Trace OS patch logs to change control requests

Good information security standards should:

Options are :

  • address high-level objectives of the organization.
  • describe the process for communicating violations.
  • define precise and unambiguous allowable limits. (Correct)
  • be updated frequently as new software is released.

Answer : define precise and unambiguous allowable limits.

Of the following, the BEST method for ensuring that temporary employees do not receive
excessive access rights is:

Options are :

  • mandatory access controls.
  • discretionary access controls.
  • lattice-based access controls.
  • role-based access controls. (Correct)

Answer : role-based access controls.

To help ensure that contract personnel do not obtain unauthorized access to sensitive information,
an information security manager should PRIMARILY:

Options are :

  • set their accounts to expire in six months or less.
  • avoid granting system administration roles. (Correct)
  • ensure their access is approved by the data owner.
  • ensure they successfully pass background checks.

Answer : avoid granting system administration roles.

Which of the following areas is MOST susceptible to the introduction of security weaknesses? 

Options are :

  • Incident response management
  • Database management
  • Configuration management (Correct)
  • Tape backup management

Answer : Configuration management

Which of the following is the MOST important area of focus when examining potential security
compromise of a new wireless network?

Options are :

  • Number of administrators (Correct)
  • Encryption strength
  • Bandwidth
  • Signal strength

Answer : Number of administrators

Which of the following provides the linkage to ensure that procedures are correctly aligned with
information security policy requirements?

Options are :

  • Security metrics
  • IT governance
  • Standards (Correct)

Answer : Standards

Good information security procedures should: 

Options are :

  • describe security baselines for each platform.
  • define the allowable limits of behavior.
  • underline the importance of security governance.
  • be updated frequently as new software is released. (Correct)

Answer : be updated frequently as new software is released.

Which of the following is MOST important to the successful promotion of good security
management practices?

Options are :

  • Security metrics
  • Periodic training
  • Management support (Correct)
  • Security baselines

Answer : Management support

Security audit reviews should PRIMARILY:

Options are :

  • ensure that controls are cost-effective.
  • focus on preventive controls.
  • ensure that controls operate as required. (Correct)
  • ensure controls are technologically current.

Answer : ensure that controls operate as required.

Nonrepudiation can BEST be assured by using: 

Options are :

  • out-of-band channels.
  • delivery path tracing.
  • digital signatures. (Correct)
  • reverse lookup translation.

Answer : digital signatures.

What is the MOST effective access control method to prevent users from sharing files with
unauthorized users?

Options are :

  • Role-based
  • Discretionary
  • Mandatory (Correct)
  • Walled garden

Answer : Mandatory

Successful social engineering attacks can BEST be prevented through:

Options are :

  • periodic awareness training. (Correct)
  • preemployment screening.
  • efficient termination procedures.
  • close monitoring of users' access patterns.

Answer : periodic awareness training.

Which of the following is an inherent weakness of signature-based intrusion detection systems?

Options are :

  • Long duration probing will be missed
  • A higher number of false positives
  • New attack methods will be missed (Correct)
  • Attack profiles can be easily spoofed

Answer : New attack methods will be missed

Which of the following is the MOST appropriate method for deploying operating system (OS)
patches to production application servers?

Options are :

  • Batch patches into frequent server updates
  • Set up servers to automatically download patches
  • Initially load the patches on a test machine (Correct)
  • Automatically push all patches to the servers

Answer : Initially load the patches on a test machine

The PRIMARY reason for using metrics to evaluate information security is to: 

Options are :

  • identify security weaknesses.
  • raise awareness on security issues.
  • justify budgetary expenditures.
  • enable steady improvement. (Correct)

Answer : enable steady improvement.

The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly
installed is to:

Options are :

  • benchmark the IDS against a peer site.
  • audit the configuration of the IDS.
  • simulate an attack and review IDS performance. (Correct)
  • use a honeypot to check for unusual activity.

Answer : simulate an attack and review IDS performance.

What is the BEST way to ensure that contract programmers comply with organizational security
policies?

Options are :

  • Perform periodic security reviews of the contractors (Correct)
  • Explicitly refer to contractors in the security standards
  • Create penalties for noncompliance in the contracting agreement
  • Have the contractors acknowledge in writing the security policies

Answer : Perform periodic security reviews of the contractors

Which of the following is the BEST way to ensure that a corporate network is adequately secured
against external attack?

Options are :

  • Perform periodic penetration testing. (Correct)
  • Establish minimum security baselines.
  • Utilize an intrusion detection system.
  • Implement vendor recommended settings.

Answer : Perform periodic penetration testing.

Data owners are normally responsible for which of the following?

Options are :

  • Applying emergency changes to application data
  • Determining the level of application security required (Correct)
  • Migrating application code changes to production
  • Administering security over database records

Answer : Determining the level of application security required

What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:

Options are :

  • are decrypted by the firewall.
  • all use weak encryption.
  • may be corrupted by the receiving mail server.
  • may be quarantined by mail filters. (Correct)

Answer : may be quarantined by mail filters.

Which of the following is MOST important for measuring the effectiveness of a security awareness
program? 

Options are :

  • Increased number of security violation reports
  • Increased interest in focus groups on security issues
  • A quantitative evaluation to ensure user comprehension (Correct)
  • Reduced number of security violation reports

Answer : A quantitative evaluation to ensure user comprehension

A security awareness program should:

Options are :

  • address specific groups and roles. (Correct)
  • address details on specific exploits.
  • promote security department procedures.
  • present top management's perspective.

Answer : address specific groups and roles.

Which of the following activities is MOST likely to increase the difficulty of totally eradicating
malicious code that is not immediately detected?

Options are :

  • Changing access rules
  • Backing up files (Correct)
  • Applying patches
  • Upgrading hardware

Answer : Backing up files

Which of the following will BEST ensure that management takes ownership of the decision making
process for information security?

Options are :

  • Security awareness campaigns
  • Security steering committees (Correct)
  • Security policies and procedures
  • Annual self-assessment by management

Answer : Security steering committees

Which of the following is the MOST important action to take when engaging third-party consultants
to conduct an attack and penetration test?

Options are :

  • Establish clear rules of engagement (Correct)
  • Request a list of the software to be used
  • Provide clear directions to IT staff
  • Monitor intrusion detection system (IDS) and firewall logs closely

Answer : Establish clear rules of engagement
