
100% Passing Guarantee - Brilliant CISM Exam Questions PDF [Jan-2022]
CISM Dumps 2022 - NewISACA CISM Exam Questions
To be able to pass the CISM exam with a high result, you have to learn all the required skills. The domains that are covered in this test are the following:
- Information Security Program Development & Management (27%)
Here, you need to know the methods to align the IS program requirements with those of other business functions, establish effective IS awareness and training programs, as well as design and implement operational IS metrics. As for your practical skills, it is required to know how to establish and maintain the IS program in the alignment with the IS strategy, integrate the IS requirements into the organizational processes, and compile your reports to the key stakeholders.
- Information Security Governance (24%)
For this area, you need to know the techniques that are used to develop the IS strategies, methods to plan and implement the IS governance framework, as well as considerations for communicating with the stakeholders and senior leadership. Besides that, you need to have the skills in integrating IS governance into corporate governance to ensure that all the organizational objectives and goals are supported by the IS program. The potential candidates need to be ready to define and communicate IS responsibilities throughout the organization as well.
- Information Risk Management (30%)
This section will evaluate your knowledge of gap analysis techniques related to IS, risk reporting requirements, and information asset valuation methodologies. You should also know about the methods that can be used to monitor internal and external risk factors. Your skills in identifying regulatory, organizational, legal, and other applicable requirements to manage the risk of noncompliance to acceptable levels as well as monitoring for external and internal factors will be measured.
- Information Security Incident Management (19%)
In this last topic, it is important to have the relevant knowledge of the external and internal incident reporting procedures and requirements, components of an incident response plan, as well as notification and escalation processes. While answering the questions from this domain, you will be tested on whether you are able to establish integration among an incident response plan, disaster recovery plan, and business continuity plan or not. Additionally, you need to have the skills in organizing, training, and equipping the incident response teams to respond to IS incidents in an effective and timely manner.
NEW QUESTION 669
An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?
- A. Inadequate buy-in from system owners to support the policies
- B. Lack of an information security governance framework
- C. Availability of security policy documents on a public website
- D. Lack of training for end users on security policies
Answer: A
NEW QUESTION 670
Which of the following devices should be placed within a DMZ?
- A. Proxy server
- B. Data warehouse server
- C. Application server
- D. Departmental server
Answer: C
Explanation:
Explanation/Reference:
Explanation:
An application server should normally be placed within a demilitarized zone (DMZ) to shield the internal network. Data warehouse and departmental servers may contain confidential or valuable data and should always be placed on the internal network, never on a DMZ that is subject to compromise. A proxy server forms the inner boundary of the DMZ but is not placed within it.
NEW QUESTION 671
Which of the following metrics would be the MOST useful in measuring how well information security is monitoring violation logs?
- A. Penetration attempts investigated
- B. Frequency of corrective actions taken
- C. Violation log reports produced
- D. Violation log entries
Answer: A
Explanation:
Explanation
The most useful metric is one that measures the degree to which complete follow-through has taken place. The quantity of reports, entries on reports and the frequency of corrective actions are not indicative of whether or not investigative action was taken.
NEW QUESTION 672
What is the BEST policy for securing data on mobile universal serial bus (USB) drives?
- A. Limit the use of USB devices
- B. Prohibit employees from copying data to USB devices
- C. Authentication
- D. Encryption
Answer: D
Explanation:
Explanation/Reference:
Explanation:
Encryption provides the most effective protection of data on mobile devices. Authentication on its own is not very secure. Prohibiting employees from copying data to USB devices and limiting the use of USB devices are after the fact.
NEW QUESTION 673
Which of the following steps in conducting a risk assessment should be performed FIRST?
- A. Evaluate key controls
- B. Identify business risks
- C. Identity business assets
- D. Assess vulnerabilities
Answer: C
Explanation:
Risk assessment first requires one to identify the business assets that need to be protected before identifying the threats. The next step is to establish whether those threats represent business risk by identifying the likelihood and effect of occurrence, followed by assessing the vulnerabilities that may affect the security of the asset. This process establishes the control objectives against which key controls can be evaluated.
NEW QUESTION 674
Which of the following guarantees that data in a file have not changed?
- A. Encrypting the file with symmetric encryption
- B. Creating a hash of the file, then comparing the file hashes
- C. Inspecting the modified date of the file
- D. Using stringent access control to prevent unauthorized access
Answer: B
Explanation:
Explanation/Reference:
Explanation:
A hashing algorithm can be used to mathematically ensure that data haven't been changed by hashing a file and comparing the hashes after a suspected change.
NEW QUESTION 675
The advantage of sending messages using steganographic techniques, as opposed to utilizing encryption, is that:
- A. required key sizes are smaller.
- B. reliability of the data is higher in transit.
- C. traffic cannot be sniffed.
- D. the existence of messages is unknown.
Answer: D
Explanation:
The existence of messages is hidden when using steganography. This is the greatest risk. Keys are relevant for encryption and not for steganography. Sniffing of steganographic traffic is also possible. Option D is not relevant.
NEW QUESTION 676
When building a corporate-wide business continuity plan {BCP), it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of system recovery in the event of a disaster?
- A. Reviewing the business plans of each department
- B. Reviewing each system's key performance indicators (KPIs)
- C. Comparing the recovery point objectives (RPOs)
- D. Evaluating the cost associated with each system's outage
Answer: C
NEW QUESTION 677
Which of the following would BEST address the risk of data leakage?
- A. Incident response procedures
- B. Database integrity checks
- C. File backup procedures
- D. Acceptable use policies
Answer: D
Explanation:
Explanation/Reference:
Explanation:
Acceptable use policies are the best measure for preventing the unauthorized disclosure of confidential information. The other choices do not address confidentiality of information.
NEW QUESTION 678
Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
- A. comparing spending against similar organizations.
- B. assessing the frequency of incidents.
- C. quantifying the cost of control failures.
- D. calculating return on investment (ROD projections.
Answer: D
Explanation:
Explanation/Reference:
Explanation:
Calculating the return on investment (ROD will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.
NEW QUESTION 679
What does a network vulnerability assessment intend to identify?
- A. Misconfiguration and missing updates
- B. Malicious software and spyware
- C. 0-day vulnerabilities
- D. Security design flaws
Answer: A
Explanation:
Section: INFORMATION RISK MANAGEMENT
Explanation:
A network vulnerability assessment intends to identify known vulnerabilities based on common misconfigurations and missing updates. 0-day vulnerabilities by definition are not previously known and therefore are undetectable. Malicious software and spyware are normally addressed through antivirus and antispyware policies. Security design flaws require a deeper level of analysis.
NEW QUESTION 680
Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network?
- A. Authentication within application
- B. Strength of encryption algorithms
- C. Safeguards over keys
- D. Configuration of firewalls
Answer: C
Explanation:
Explanation
If keys are in the wrong hands, documents will be able to be read regardless of where they are on the network.
Choice A is incorrect because firewalls can be perfectly configured, but if the keys make it to the other side, they will not prevent the document from being decrypted. Choice B is incorrect because even easy encryption algorithms require adequate resources to break, whereas encryption keys can be easily used. Choice C is incorrect because the application "front door" controls may be bypassed by accessing data directly.
NEW QUESTION 681
Which of the following actions should be taken when an information security manager discovers that a hacker is foot printing the network perimeter?
- A. Reboot the border router connected to the firewall
- B. Check IDS logs and monitor for any active attacks
- C. Enable server trace logging on the DMZ segment
- D. Update IDS software to the latest available version
Answer: B
Explanation:
Information security should check the intrusion detection system (IDS) logs and continue to monitor the situation. It would be inappropriate to take any action beyond that. In fact, updating the IDS could create a temporary exposure until the new version can be properly tuned. Rebooting the router and enabling server trace routing would not be warranted.
NEW QUESTION 682
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
- A. Meet with data owners to understand business needs
- B. Redefine and implement proper access rights
- C. Establish procedures for granting emergency access
- D. Review the procedures for granting access
Answer: A
Explanation:
Explanation
An information security manager must understand the business needs that motivated the change prior to taking any unilateral action. Following this, all other choices could be correct depending on the priorities set by the business unit.
NEW QUESTION 683
Which of the following is the BEST way to reduce the risk of a ransomware attack?
- A. Authenticate inbound email and enable strong content filtering
- B. Perform regular backups and validate the restoration process
- C. Perform a network vulnerability assessment.
- D. Confirm backups are not connected to the network.
Answer: B
NEW QUESTION 684
A major trading partner with access to the internal network is unwilling or unable to remediate serious information security exposures within its environment. Which of the following is the BEST recommendation?
- A. Remove all trading partner access until the situation improves
- B. Send periodic reminders advising them of their noncompliance
- C. Sign a legal agreement assigning them all liability for any breach
- D. Set up firewall rules restricting network traffic from that location
Answer: D
Explanation:
Explanation
It is incumbent on an information security manager to see to the protection of their organization's network, but to do so in a manner that does not adversely affect the conduct of business. This can be accomplished by adding specific traffic restrictions for that particular location. Removing all access will likely result in lost business. Agreements and reminders do not protect the integrity of the network.
NEW QUESTION 685
A desktop computer that was involved in a computer security incident should be secured as evidence by:
- A. disconnecting the computer from all power sources.
- B. encrypting local files and uploading exact copies to a secure server.
- C. copying all files using the operating system (OS) to write-once media.
- D. disabling all local user accounts except for one administrator.
Answer: A
Explanation:
Explanation/Reference:
Explanation:
To preserve the integrity of the desktop computer as an item of evidence, it should be immediately disconnected from all sources of power. Any attempt to access the information on the computer by copying, uploading or accessing it remotely changes the operating system (OS) and temporary files on the computer and invalidates it as admissible evidence.
NEW QUESTION 686
Which of the following processes is critical for deciding prioritization of actions in a business continuity plan?
- A. Vulnerability assessment
- B. Business impact analysis (BIA)
- C. Business process mapping
- D. Risk assessment
Answer: B
Explanation:
Explanation/Reference:
Explanation:
A business impact analysis (BIA) provides results, such as impact from a security incident and required response times. The BIA is the most critical process for deciding which part of the information system/ business process should be given prioritization in case of a security incident. Risk assessment is a very important process for the creation of a business continuity plan. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures. but not in the prioritization. As in choice B, a vulnerability assessment provides information regarding the security weaknesses of the system, supporting the risk analysis process. Business process mapping facilitates the creation of the plan by providing mapping guidance on actions after the decision on critical business processes has been made-translating business prioritization to IT prioritization. Business process mapping does not help in making a decision, but in implementing a decision.
NEW QUESTION 687
Conducting a cost-benefit analysis for a security investment is important because it
- A. supports justification for expenditure.
- B. quantifies return on security investment
- C. supports asset classification.
- D. quantifies residual risk
Answer: A
NEW QUESTION 688
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database administrator in the IT department?
- A. IT department management
- B. Database administrator (DBA)
- C. Finance department management
- D. Information security manager
Answer: C
Explanation:
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
Data owners are responsible for determining data classification; in this case, management of the finance department would be the owners of accounting ledger data. The database administrator (DBA) and IT management are the custodians of the data who would apply the appropriate security levels for the classification, while the security manager would act as an advisor and enforcer.
NEW QUESTION 689
An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization. In this case the information security manager should:
- A. use a qualitative method to assess the risk.
- B. use a quantitative method to assess the risk.
- C. put it in the priority list in order to gain time to collect more data.
- D. ask management to increase staff in order to collect more evidence on severity.
Answer: A
NEW QUESTION 690
When designing an information security quarterly report to management, the MOST important element to be considered should be the:
- A. information security metrics.
- B. knowledge required to analyze each issue.
- C. baseline against which metrics are evaluated.
- D. linkage to business area objectives.
Answer: D
Explanation:
Section: INFORMATION SECURITY GOVERNANCE
Explanation:
The link to business objectives is the most important clement that would be considered by management.
Information security metrics should be put in the context of impact to management objectives. Although important, the security knowledge required would not be the first element to be considered. Baselining against the information security metrics will be considered later in the process.
NEW QUESTION 691
The root cause of a successful cross site request forgery (XSRF) attack against an application is that the vulnerable application:
- A. has implemented cookies as the sole authentication mechanism.
- B. has been installed with a non-1egitimate license key.
- C. uses multiple redirects for completing a data commit transaction.
- D. is hosted on a server along with other applications.
Answer: A
Explanation:
Explanation/Reference:
Explanation:
XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction. XSRF is related to an authentication mechanism, not to redirection. Option C is related to intellectual property rights, not to XSRF vulnerability. Merely hosting multiple applications on the same server is not the root cause of this vulnerability.
NEW QUESTION 692
An organization determines that an end-user has clicked on a malicious link. Which of the following would MOST effectively prevent similar situations from recurring?
- A. Updated security policies
- B. End-user training
- C. Virus protection
- D. End-user access control
Answer: B
NEW QUESTION 693
......
Free CISM braindumps download: https://www.actual4test.com/CISM_examcollection.html
CISM Dumps for Pass Guaranteed - Pass CISM Exam: https://drive.google.com/open?id=1IG2RjjCQ2EnIGo8KpcPbGTW89gmW5RAV