CISM Quiz

Description

Quiz on CISM Quiz, created by Christian Haller on 21/06/2014.

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides
Answer
  • a basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • provides users guidance on how to operate securely in everyday tasks
  • helps IT auditors ensure compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answer
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about security strategy
  • to conform to regulations requiring all employees are informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answer
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answer
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is
Answer
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they be written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answer
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answer
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager’s perspective, the MOST important factors regarding data retention are:
Answer
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answer
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answer
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answer
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answer
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answer
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answer
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answer
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity (compensation for damages) agreements can be used to:
Answer
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answer
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answer
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answer
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood vs. the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answer
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answer
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answer
  • plan do check act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answer
  • require private, key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network has a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practices defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answer
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities present a conflict of interest in performing the review?
Answer
  • operating system recovery
  • application administration
  • network change control
  • host based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answer
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answer
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answer
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client server environment?
Answer
  • identify all data access points
  • establish operating system security on all platforms
  • require hard passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answer
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have