CISM Quiz

Description

Quiz on CISM Quiz, created by Christian Haller on 21/06/2014.

Resource summary

Question 1

Question
A security strategy is important for an organization PRIMARILY because it provides
Answer
  • a basis for determining the best logical security architecture for the organization
  • management intent and direction for security activities
  • users with guidance on how to operate securely in everyday tasks
  • help for IT auditors in ensuring compliance

Question 2

Question
The MOST important reason to make sure there is good communication about security throughout the organization is:
Answer
  • to make security more palatable to resistant employees
  • because people are the biggest security risk
  • to inform business units about security strategy
  • to conform to regulations requiring that all employees be informed about security

Question 3

Question
The regulatory environment for most organizations mandates a variety of security-related activities. It is MOST important that the information security manager:
Answer
  • rely on corporate counsel to advise which regulations are relevant
  • stay current with all relevant regulations and request legal interpretation
  • involve all impacted departments and treat regulations as just another risk
  • ignore many of the regulations that have no teeth

Question 4

Question
The MOST important consideration in developing security policies is that:
Answer
  • they are based on a threat profile
  • they are complete and no detail is left out
  • management signs off on them
  • all employees read and understand them

Question 5

Question
The PRIMARY security objective in creating good procedures is
Answer
  • to make sure they work as intended
  • that they are unambiguous and meet the standards
  • that they be written in plain language
  • that compliance can be monitored

Question 6

Question
The assignment of roles and responsibilities will be MOST effective if:
Answer
  • there is senior management support
  • the assignments are consistent with proficiencies
  • roles are mapped to required competencies
  • responsibilities are undertaken on a voluntary basis

Question 7

Question
The PRIMARY benefit organizations derive from effective information security governance is:
Answer
  • ensuring appropriate regulatory compliance
  • ensuring acceptable levels of disruption
  • prioritizing allocation of remedial resources
  • maximizing return on security investments

Question 8

Question
From an information security manager’s perspective, the MOST important factors regarding data retention are:
Answer
  • business and regulatory requirements
  • document integrity and destruction
  • media availability and storage
  • data confidentiality and encryption

Question 9

Question
Which role is in the BEST position to review and confirm the appropriateness of a user access list?
Answer
  • data owner
  • information security manager
  • domain administrator
  • business manager

Question 10

Question
In implementing information security governance, the information security manager is PRIMARILY responsible for:
Answer
  • developing the security strategy
  • reviewing the security strategy
  • communicating the security strategy
  • approving the security strategy

Question 11

Question
The overall objective of risk management is to:
Answer
  • eliminate all vulnerabilities, if possible
  • determine the best way to transfer risk
  • reduce risks to an acceptable level
  • implement effective countermeasures

Question 12

Question
The statement "risk = value x vulnerability x threat" indicates that:
Answer
  • risk can be quantified using annual loss expectancy (ALE)
  • approximate risk can be estimated, provided probability is computed
  • the level of risk is greater when more threats meet more vulnerabilities
  • without knowing value, risk cannot be calculated

Question 13

Question
To address changes in risk, an effective risk management program should:
Answer
  • ensure that continuous monitoring processes are in place
  • establish proper security baselines for all information resources
  • implement a complete data classification process
  • change security policies on a timely basis to address changing risks

Question 14

Question
Information classification is important to properly manage risk PRIMARILY because:
Answer
  • it ensures accountability for information resources as required by roles and responsibilities
  • it is a legal requirement under various regulations
  • there is no other way to meet the requirements for availability, integrity and auditability
  • it is used to identify the sensitivity and criticality of information to the organization

Question 15

Question
Vulnerabilities discovered during an assessment should be:
Answer
  • handled as a risk, even though there is no threat
  • prioritized for remediation solely based on impact
  • a basis for analyzing the effectiveness of controls
  • evaluated for threat and impact in addition to cost of mitigation

Question 16

Question
Indemnity (compensation for damages) agreements can be used to:
Answer
  • ensure an agreed-upon level of service
  • reduce impacts on critical resources
  • transfer responsibility to a third party
  • provide an effective countermeasure to threats

Question 17

Question
Residual risks can be determined by:
Answer
  • determining remaining vulnerabilities after countermeasures are in place
  • a threat analysis
  • a risk assessment
  • transferring all risks

Question 18

Question
Data owners are PRIMARILY responsible for creating risk mitigation strategies to address which of the following areas?
Answer
  • platform security
  • entitlement changes
  • intrusion detection
  • antivirus controls

Question 19

Question
A risk analysis should:
Answer
  • limit the scope to a benchmark of similar companies
  • assume an equal degree of protection for all assets
  • address the potential size and likelihood of loss
  • give more weight to the likelihood vs. the size of the loss

Question 20

Question
Which of the following is BEST for preventing an external attack?
Answer
  • static IP addresses
  • network address translation
  • background checks for temporary employees
  • writing computer logs to removable media

Question 21

Question
Who is in the BEST position to develop the priorities and identify what risks and impacts would occur if there were a loss or corruption of the organization's information resources?
Answer
  • internal auditors
  • security management
  • business process owners
  • external regulatory agencies

Question 22

Question
The MOST important single concept for an information security architect to keep in mind is:
Answer
  • plan do check act
  • confidentiality, integrity, availability
  • prevention, detection, correction
  • tone at the top

Question 23

Question
Which of the following is the BEST method of limiting the impact of vulnerabilities inherent to wireless networks?
Answer
  • require private, key-based encryption to connect to the wireless network
  • enable auditing on every host that connects to a wireless network
  • require that every host that connects to this network have a well-tested recovery plan
  • enable auditing on every connection to the wireless network

Question 24

Question
In an environment that practises defense in depth, an Internet application that requires a login for a user to access it would also require which of the following additional controls?
Answer
  • user authentication
  • user audit trails
  • network load balancing
  • network authentication

Question 25

Question
If an information security manager has responsibility for application security review, which of the following additional responsibilities present a conflict of interest in performing the review?
Answer
  • operating system recovery
  • application administration
  • network change control
  • host based intrusion detection

Question 26

Question
Which of the following BEST promotes accountability?
Answer
  • compliance monitoring
  • awareness training
  • secure implementation
  • documented policy

Question 27

Question
Which of the following conclusions renders the sentence MOST accurate? Vulnerabilities combined with threats:
Answer
  • always result in damage
  • require controls to avoid damage
  • allow exploits that may cause damage
  • always result in exploits

Question 28

Question
In which stage of the systems development life cycle (SDLC) should the information security manager create a list of security issues presented by the functional description of a newly planned system?
Answer
  • feasibility
  • requirements
  • design
  • development

Question 29

Question
What is the FIRST step in designing a secure client server environment?
Answer
  • identify all data access points
  • establish operating system security on all platforms
  • require hard passwords
  • place a firewall between the server and clients

Question 30

Question
What BEST represents the hierarchy of access control strength, from weakest to strongest?
Answer
  • what you have, what you are, what you know
  • what you know, what you have, what you are
  • what you are, what you have, what you know
  • what you are, what you know, what you have
