CISM Quiz

Description

Quiz about CISM Quiz, created by Christian Haller on 21-06-2014.

Resource Summary

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides:
Answer
  • a basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • guidance to users on how to operate securely in everyday tasks
  • help for IT auditors in ensuring compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answer
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about security strategy
  • to conform to regulations requiring that all employees are informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answer
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answer
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is:
Answer
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they be written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answer
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answer
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager's perspective, the MOST important factors regarding data retention are:
Answer
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answer
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answer
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answer
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answer
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answer
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answer
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is a legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answer
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity (compensation for damages) agreements can be used to:
Answer
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answer
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answer
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answer
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood vs. the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answer
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answer
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answer
  • plan, do, check, act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answer
  • require private, key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network has a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practises defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answer
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities presents a conflict of interest in performing the review?
Answer
  • operating system recovery
  • application administration
  • network change control
  • host-based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answer
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answer
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answer
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client-server environment?
Answer
  • identify all data access points
  • establish operating system security on all platforms
  • require hard passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answer
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have
