CISM Quiz

Description

Quiz on CISM Quiz, created by Christian Haller on 21/06/2014.

Summary of the resource

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides:
Answers
  • a basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • guidance to users on how to operate securely in everyday tasks
  • help for IT auditors in ensuring compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answers
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about the security strategy
  • to conform to regulations requiring that all employees be informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answers
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answers
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is:
Answers
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they are written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answers
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answers
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing the allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager's perspective, the MOST important factors regarding data retention are:
Answers
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answers
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answers
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answers
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answers
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answers
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answers
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is a legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answers
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity agreements can be used to:
Answers
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answers
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answers
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answers
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood than to the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answers
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answers
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answers
  • plan, do, check, act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answers
  • require private, key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network has a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practices defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answers
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities presents a conflict of interest in performing the review?
Answers
  • operating system recovery
  • application administration
  • network change control
  • host-based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answers
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answers
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answers
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client-server environment?
Answers
  • identify all data access points
  • establish operating system security on all platforms
  • require strong passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answers
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have
