CISM Information Security Program Management

The PRIMARY reason for using metrics to evaluate information security is to:

Options are :

  • enable steady improvement. (Correct)
  • justify budgetary expenditures.
  • identify security weaknesses.
  • raise awareness on security issues.

Answer : enable steady improvement.

Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?

Options are :

  • Request a list of the software to be used
  • Establish clear rules of engagement (Correct)
  • Monitor intrusion detection system (IDS) and firewall logs closely
  • Provide clear directions to IT staff

Answer : Establish clear rules of engagement

A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?

Options are :

  • Set up firewall rules restricting network traffic from that location (Correct)
  • Send periodic reminders advising them of their noncompliance
  • Sign a legal agreement assigning them all liability for any breach
  • Remove all trading partner access until the situation improves

Answer : Set up firewall rules restricting network traffic from that location

A critical device is delivered with a single user and password that is required to be shared for multiple users to access the device. An information security manager has been tasked with ensuring all access to the device is authorized. Which of the following would be the MOST efficient means to accomplish this?

Options are :

  • Request the vendor to add multiple user IDs
  • Implement manual procedures that require password change after each use
  • Enable access through a separate device that requires adequate authentication (Correct)
  • Analyze the logs to detect unauthorized access

Answer : Enable access through a separate device that requires adequate authentication

What is the BEST method to confirm that all firewall rules and router configuration settings are adequate?

Options are :

  • Periodic review of network configuration
  • Periodically perform penetration tests (Correct)
  • Daily review of server logs for evidence of hacker activity
  • Review intrusion detection system (IDS) logs for evidence of attacks

Answer : Periodically perform penetration tests

Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements?

Options are :

  • Security metrics
  • Standard (Correct)
  • IT governance
  • Guidelines

Answer : Standard

Which of the following is the MOST appropriate method to protect a password that opens a confidential file?

Options are :

  • Delivery path tracing
  • Digital signatures
  • Out-of-band channels (Correct)
  • Reverse lookup translation

Answer : Out-of-band channels

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

Options are :

  • describe handling procedures of cryptographic keys.
  • define the circumstances where cryptography should be used. (Correct)
  • define cryptographic algorithms and key lengths.
  • establish the use of cryptographic solutions.

Answer : define the circumstances where cryptography should be used.

Which of the following would present the GREATEST risk to information security?

Options are :

  • Critical patches are applied within 24 hours of their release
  • Security incidents are investigated within five business days (Correct)
  • Security access logs are reviewed within five business days
  • Virus signature file updates are applied to all servers every day

Answer : Security incidents are investigated within five business days

An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

Options are :

  • Meet with stakeholders (Correct)
  • Establish change control procedures
  • Identify critical systems
  • Research best practices

Answer : Meet with stakeholders

Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?

Options are :

  • Automatically push all patches to the servers
  • Initially load the patches on a test machine (Correct)
  • Set up servers to automatically download patches
  • Batch patches into frequent server updates

Answer : Initially load the patches on a test machine

Security audit reviews should PRIMARILY:

Options are :

  • ensure that controls operate as required. (Correct)
  • focus on preventive controls.
  • ensure that controls are cost-effective.
  • ensure controls are technologically current.

Answer : ensure that controls operate as required.

What is the BEST way to ensure users comply with organizational security requirements for password complexity?

Options are :

  • Require each user to acknowledge the password requirements
  • Implement strict penalties for user noncompliance
  • Enable system-enforced password configuration (Correct)
  • Include password construction requirements in the security standards

Answer : Enable system-enforced password configuration

What is the MOST appropriate change management procedure for the handling of emergency program changes?

Options are :

  • Documentation is completed with approval soon after the change (Correct)
  • Business management approval must be obtained prior to the change
  • All changes must follow the same process
  • Formal documentation does not need to be completed before the change

Answer : Documentation is completed with approval soon after the change

Which of the following are the MOST important individuals to include as members of an information security steering committee?

Options are :

  • IT management and key business process owners (Correct)
  • Direct reports to the chief information officer
  • Internal audit and corporate legal departments
  • Cross-section of end users and IT professionals

Answer : IT management and key business process owners

Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process?

Options are :

  • Operations manager
  • System user (Correct)
  • Data security officer
  • System analyst

Answer : System user

The PRIMARY focus of the change control process is to ensure that changes are:

Options are :

  • authorized. (Correct)
  • documented.
  • tested.
  • applied.

Answer : authorized.

Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion detection system (IDS) with the threshold set to a low value?

Options are :

  • The number of false positives increases (Correct)
  • The number of false negatives increases
  • Active probing is missed
  • Attack profiles are ignored

Answer : The number of false positives increases

Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?

Options are :

  • Conduct frequent awareness training with noncompliance penalties
  • Disable universal serial bus (USB) ports on all desktop devices
  • Restrict the available drive allocation on all PCs (Correct)
  • Establish strict access controls to sensitive information

Answer : Restrict the available drive allocation on all PCs

Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network?

Options are :

  • Signal strength
  • Number of administrators (Correct)
  • Bandwidth
  • Encryption strength

Answer : Number of administrators

Good information security procedures should:

Options are :

  • underline the importance of security governance.
  • define the allowable limits of behavior.
  • describe security baselines for each platform.
  • be updated frequently as new software is released. (Correct)

Answer : be updated frequently as new software is released.

What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They:

Options are :

  • are decrypted by the firewall.
  • may be quarantined by mail filters. (Correct)
  • may be corrupted by the receiving mail server.
  • all use weak encryption.

Answer : may be quarantined by mail filters.

Which resource is the MOST effective in preventing physical access tailgating/piggybacking?

Options are :

  • Card key door locks
  • Awareness training (Correct)
  • Biometric scanners
  • Photo identification

Answer : Awareness training

When a new key business application goes into production, the PRIMARY reason to update relevant business impact analysis (BIA) and business continuity/disaster recovery plans is because:

Options are :

  • this is a requirement of the security policy.
  • software licenses may expire in the future without warning.
  • the asset inventory must be maintained.
  • service level agreements may not otherwise be met. (Correct)

Answer : service level agreements may not otherwise be met.

Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

Options are :

  • Security audit reports
  • Systems and business security architecture
  • Balanced scorecard
  • Capability maturity model (CMM) (Correct)

Answer : Capability maturity model (CMM)

Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

Options are :

  • are communicated to the provider.
  • exceed those of the outsourcer.
  • are compatible with the provider's own classification.
  • are stated in the contract. (Correct)

Answer : are stated in the contract.

In business critical applications, where shared access to elevated privileges by a small group is necessary, the BEST approach to implement adequate segregation of duties is to:

Options are :

  • enforce manual procedures ensuring separation of conflicting duties.
  • implement role-based access control in the application. (Correct)
  • ensure access to individual functions can be granted to individual users only.
  • create service accounts that can only be used by authorized team members.

Answer : implement role-based access control in the application.

In organizations where availability is a primary concern, the MOST critical success factor of the patch management procedure would be the:

Options are :

  • technical skills of the team responsible.
  • testing time window prior to deployment. (Correct)
  • certification of validity for deployment.
  • automated deployment to all the servers.

Answer : testing time window prior to deployment.

Which of the following is the BEST tool to maintain the currency and coverage of an information security program within an organization?

Options are :

  • Training and certification of the information security team
  • The program's security architecture and design
  • The program's governance oversight mechanisms (Correct)
  • Information security periodicals and manuals

Answer : The program's governance oversight mechanisms

In business-critical applications, user access should be approved by the:

Options are :

  • data custodian.
  • business management.
  • data owner. (Correct)
  • information security manager.

Answer : data owner.

To mitigate a situation where one of the programmers of an application requires access to production data, the information security manager could BEST recommend to:

Options are :

  • perform regular audits of the application.
  • log all of the programmer's activity for review by a supervisor. (Correct)
  • create a separate account for the programmer as a power user.
  • have the programmer sign a letter accepting full responsibility.

Answer : log all of the programmer's activity for review by a supervisor.

Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date can be BEST achieved through which of the following?

Options are :

  • Comprehensive walk-through testing
  • Inclusion as a required step in the system life cycle process (Correct)
  • Reconciliation of the annual systems inventory to the disaster recovery/business continuity plans
  • Periodic audits of the disaster recovery/business continuity plans

Answer : Inclusion as a required step in the system life cycle process

When security policies are strictly enforced, the initial impact is that:

Options are :

  • the need for compliance reviews is decreased.
  • the total cost of security is increased. (Correct)
  • they may have to be modified more frequently.
  • they will be less subject to challenge.

Answer : the total cost of security is increased.

What is the GREATEST risk when there is an excessive number of firewall rules?

Options are :

  • The firewall may not support the increasing number of rules due to limitations
  • The firewall may show abnormal behavior and may crash or automatically shut down
  • Performance degradation of the whole network
  • One rule may override another rule in the chain and create a loophole (Correct)

Answer : One rule may override another rule in the chain and create a loophole

Which of the following would be the MOST significant security risk in a pharmaceutical institution?

Options are :

  • Theft of a Research and Development laptop (Correct)
  • Unavailability of online transactions
  • Theft of security tokens
  • Compromised customer information

Answer : Theft of a Research and Development laptop

Which of the following would be the MOST appropriate physical security solution for the main entrance to a data center?

Options are :

  • Security guard
  • Closed-circuit television (CCTV)
  • Biometric lock (Correct)
  • Mantrap

Answer : Biometric lock

A business partner of a factory has remote read-only access to material inventory to forecast future acquisition orders. An information security manager should PRIMARILY ensure that there is:

Options are :

  • a third-party certification.
  • a business impact analysis (BIA).
  • an effective control over connectivity and continuity. (Correct)
  • a service level agreement (SLA) including code escrow.

Answer : an effective control over connectivity and continuity.

To reduce the possibility of service interruptions, an entity enters into contracts with multiple Internet service providers (ISPs). Which of the following would be the MOST important item to include?

Options are :

  • Intrusion detection system (IDS) services
  • Right to audit clause
  • Spam filtering services
  • Service level agreements (SLAs) (Correct)

Answer : Service level agreements (SLAs)

An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?

Options are :

  • Meet with data owners to understand business needs (Correct)
  • Redefine and implement proper access rights
  • Review the procedures for granting access
  • Establish procedures for granting emergency access

Answer : Meet with data owners to understand business needs
