CISM Quiz

Description

Quiz on CISM Quiz, created by Christian Haller on 21/06/2014.

Resource Summary

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides
Answer
  • a basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • guidance for users on how to operate securely in everyday tasks
  • help for IT auditors in ensuring compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answer
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about security strategy
  • to conform to regulations requiring that all employees be informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answer
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answer
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is
Answer
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they be written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answer
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answer
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager's perspective, the MOST important factors regarding data retention are:
Answer
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answer
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answer
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answer
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answer
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answer
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answer
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is a legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answer
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity (German: Schadensersatz) agreements can be used to:
Answer
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answer
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answer
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answer
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood vs. the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answer
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answer
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answer
  • plan, do, check, act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answer
  • require private, key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network have a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practices defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answer
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities presents a conflict of interest in performing the review?
Answer
  • operating system recovery
  • application administration
  • network change control
  • host-based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answer
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answer
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answer
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client-server environment?
Answer
  • identify all data access points
  • establish operating system security on all platforms
  • require hard passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answer
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have