CISM Quiz

Description

Quiz on CISM Quiz, created by Christian Haller on 21/06/2014.
Quiz by Christian Haller, updated more than 1 year ago

Resource summary

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides
Answers
  • basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • provides users guidance on how to operate securely in everyday tasks
  • helps IT auditors ensure compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answers
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about security strategy
  • to conform to regulations requiring all employees are informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answers
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answers
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is
Answers
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they be written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answers
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answers
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager's perspective, the MOST important factors regarding data retention are:
Answers
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answers
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answers
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answers
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answers
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answers
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answers
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is a legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answers
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity agreements can be used to:
Answers
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answers
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answers
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answers
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood vs. the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answers
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answers
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answers
  • plan, do, check, act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answers
  • require private key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network has a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practices defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answers
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities presents a conflict of interest in performing the review?
Answers
  • operating system recovery
  • application administration
  • network change control
  • host-based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answers
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answers
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answers
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client-server environment?
Answers
  • identify all data access points
  • establish operating system security on all platforms
  • require hard passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answers
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have
