
CISM Online Practice Questions and Answers

Question 4

Which of the following risks would BEST be assessed using qualitative risk assessment techniques?

A. Theft of purchased software

B. Power outage lasting 24 hours

C. Permanent decline in customer confidence

D. Temporary loss of e-mail due to a virus attack

Question 5

Information security policies should:

A. address corporate network vulnerabilities.

B. address the process for communicating a violation.

C. be straightforward and easy to understand.

D. be customized to specific groups and roles.

Question 6

The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:

A. enable independent and objective review of the root cause of the incidents.

B. obtain support for enhancing the expertise of the third-party teams.

C. identify lessons learned for further improving the information security management process.

D. obtain better buy-in for the information security program.

Question 7

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

A. External consultant

B. Information owners

C. Information security manager

D. Business continuity coordinator

Question 8

An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?

A. Conduct user awareness training within the IT function.

B. Propose that IT update information security policies and procedures.

C. Determine the risk related to noncompliance with the policy.

D. Request that internal audit conduct a review of the policy development process.

Question 9

Which of the following is the FIRST step to establishing an effective information security program?

A. Conduct a compliance review.

B. Assign accountability.

C. Perform a business impact analysis (BIA).

D. Create a business case.

Question 10

The BEST way to avoid session hijacking is to use:

A. strong password controls.

B. a firewall.

C. a reverse lookup.

D. a secure protocol.

Question 11

Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?

A. Standardize secure web development practices

B. Integrate security into the early phases of the development life cycle

C. Incorporate security requirements into job descriptions

D. Implement a tailored security awareness training program

Question 12

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

A. The third party has not provided evidence of compliance with local regulations where data is generated.

B. The third party does not have an independent assessment of controls available for review.

C. The third party's service level agreement (SLA) does not include guarantees of uptime.

D. The third-party contract does not include an indemnity clause for compensation in the event of a breach.

Question 13

During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?

A. Password management

B. Version management

C. Change management

D. Configuration management

Exam Code: CISM
Exam Name: Certified Information Security Manager
Last Update: Mar 18, 2024
Questions: 2731